From ae262d581a2f9279b321faa67f31f475b3359be2 Mon Sep 17 00:00:00 2001
From: Brenda Rearden <brenda@rancher.com>
Date: Mon, 4 Oct 2021 15:04:56 -0700
Subject: [PATCH 1/2] Support volume mount for additional istio images

---
 packages/rancher-istio/charts/Chart.yaml             |  2 +-
 .../charts/templates/istio-install-job.yaml          |  8 ++++++++
 packages/rancher-istio/charts/values.yaml            | 12 ++++++++++++
 packages/rancher-istio/package.yaml                  |  2 +-
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/packages/rancher-istio/charts/Chart.yaml b/packages/rancher-istio/charts/Chart.yaml
index 815797216..8bdc2a4a3 100644
--- a/packages/rancher-istio/charts/Chart.yaml
+++ b/packages/rancher-istio/charts/Chart.yaml
@@ -19,4 +19,4 @@ annotations:
   catalog.cattle.io/os: linux
   catalog.cattle.io/requests-cpu: "710m"
   catalog.cattle.io/requests-memory: "2314Mi"
-  catalog.cattle.io/rancher-version: ">= 2.6.0-0"
+  catalog.cattle.io/rancher-version: ">= 2.6.0-0 <= 2.6.99-0"
diff --git a/packages/rancher-istio/charts/templates/istio-install-job.yaml b/packages/rancher-istio/charts/templates/istio-install-job.yaml
index 625da0832..c687b6a7f 100644
--- a/packages/rancher-istio/charts/templates/istio-install-job.yaml
+++ b/packages/rancher-istio/charts/templates/istio-install-job.yaml
@@ -42,6 +42,11 @@ spec:
             mountPath: /app/overlay-config.yaml
             subPath: overlay-config.yaml
           {{- end }}
+          {{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
+          - name: {{ .Values.installer.releaseMirror.additionalIstioImage.volumeMountName }}
+            mountPath: /opt/istio-releases/{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}/istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
+            subPath: istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
+          {{- end }}
       volumes:
         - name: config-volume
           configMap:
@@ -51,6 +56,9 @@ spec:
           configMap:
             name: istio-installer-overlay
         {{- end }}
+{{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
+{{ toYaml .Values.installer.releaseMirror.additionalIstioImage.volumes | indent 8 }}
+{{- end }}
       serviceAccountName: istio-installer
       securityContext:
         runAsUser: 101
diff --git a/packages/rancher-istio/charts/values.yaml b/packages/rancher-istio/charts/values.yaml
index 43e7da8db..558e4a9b7 100644
--- a/packages/rancher-istio/charts/values.yaml
+++ b/packages/rancher-istio/charts/values.yaml
@@ -11,6 +11,18 @@ installer:
   ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets.
   releaseMirror:
     enabled: false
+    ##If the image you need is not packaged with the rancher/istio-installer, create a volume mount with the istio-{{ .Values.installer.additionalIstioImage.tag }}-linux-amd64.tar.gz
+    ##file in it and set the additionalIstioImage values to connect to the volume prior to installing/upgrading your rancher-istio chart.  
+    additionalIstioImage:
+      enabled: false
+      volumeMountName: rancher-istio-additional-image
+      volumes:
+        - name: rancher-istio-additional-image
+          persistentVolumeClaim:
+            claimName: rancher-istio-additional-image
+            readOnly: false
+      tag: 1.10.4
+      
   ##Set the secondsSleep to run a sleep command `sleep <secondsSleep>s` to allow time to exec into istio-installer pod for debugging
   debug:
     secondsSleep: 0
diff --git a/packages/rancher-istio/package.yaml b/packages/rancher-istio/package.yaml
index 58c2d2565..aae365e8d 100644
--- a/packages/rancher-istio/package.yaml
+++ b/packages/rancher-istio/package.yaml
@@ -1,2 +1,2 @@
 url: local
-version: 100.0.2+up1.10.4
+version: 100.0.3+up1.10.4

From 24042840d8e7ff877084f8141be0d4f04b1f3254 Mon Sep 17 00:00:00 2001
From: brendarearden <brendarearden@gmail.com>
Date: Thu, 28 Oct 2021 13:35:28 -0700
Subject: [PATCH 2/2] Make charts

---
 .../rancher-istio-100.0.3+up1.10.4.tgz        | Bin 0 -> 20635 bytes
 .../rancher-istio/100.0.3+up1.10.4/Chart.yaml |  23 +++
 .../rancher-istio/100.0.3+up1.10.4/README.md  |  80 ++++++++
 .../100.0.3+up1.10.4/app-readme.md            |  35 ++++
 .../100.0.3+up1.10.4/charts/kiali/Chart.yaml  |  31 +++
 .../charts/kiali/templates/NOTES.txt          |   5 +
 .../charts/kiali/templates/_helpers.tpl       | 193 ++++++++++++++++++
 .../charts/kiali/templates/cabundle.yaml      |  13 ++
 .../charts/kiali/templates/configmap.yaml     |  25 +++
 .../kiali/templates/dashboards/envoy.yaml     |  56 +++++
 .../charts/kiali/templates/dashboards/go.yaml |  67 ++++++
 .../kiali/templates/dashboards/kiali.yaml     |  44 ++++
 .../dashboards/micrometer-1.0.6-jvm-pool.yaml |  43 ++++
 .../dashboards/micrometer-1.0.6-jvm.yaml      |  65 ++++++
 .../dashboards/micrometer-1.1-jvm.yaml        |  68 ++++++
 .../dashboards/microprofile-1.1.yaml          |  59 ++++++
 .../dashboards/microprofile-x.y.yaml          |  38 ++++
 .../kiali/templates/dashboards/nodejs.yaml    |  59 ++++++
 .../kiali/templates/dashboards/quarkus.yaml   |  33 +++
 .../dashboards/springboot-jvm-pool.yaml       |  16 ++
 .../templates/dashboards/springboot-jvm.yaml  |  16 ++
 .../dashboards/springboot-tomcat.yaml         |  16 ++
 .../kiali/templates/dashboards/thorntail.yaml |  22 ++
 .../kiali/templates/dashboards/tomcat.yaml    |  67 ++++++
 .../templates/dashboards/vertx-client.yaml    |  60 ++++++
 .../templates/dashboards/vertx-eventbus.yaml  |  59 ++++++
 .../kiali/templates/dashboards/vertx-jvm.yaml |  16 ++
 .../templates/dashboards/vertx-pool.yaml      |  68 ++++++
 .../templates/dashboards/vertx-server.yaml    |  62 ++++++
 .../charts/kiali/templates/deployment.yaml    | 179 ++++++++++++++++
 .../charts/kiali/templates/hpa.yaml           |  17 ++
 .../charts/kiali/templates/ingress.yaml       |  43 ++++
 .../charts/kiali/templates/oauth.yaml         |  17 ++
 .../charts/kiali/templates/psp.yaml           |  67 ++++++
 .../kiali/templates/role-controlplane.yaml    |  15 ++
 .../charts/kiali/templates/role-viewer.yaml   |  96 +++++++++
 .../charts/kiali/templates/role.yaml          | 106 ++++++++++
 .../templates/rolebinding-controlplane.yaml   |  17 ++
 .../charts/kiali/templates/rolebinding.yaml   |  20 ++
 .../charts/kiali/templates/route.yaml         |  30 +++
 .../charts/kiali/templates/service.yaml       |  45 ++++
 .../kiali/templates/serviceaccount.yaml       |   9 +
 .../kiali/templates/validate-install-crd.yaml |  14 ++
 .../kiali/templates/web-root-configmap.yaml   |  12 ++
 .../100.0.3+up1.10.4/charts/kiali/values.yaml |  98 +++++++++
 .../charts/tracing/.helmignore                |  23 +++
 .../charts/tracing/Chart.yaml                 |  12 ++
 .../100.0.3+up1.10.4/charts/tracing/README.md |   5 +
 .../charts/tracing/templates/_affinity.tpl    |  92 +++++++++
 .../charts/tracing/templates/_helpers.tpl     |  32 +++
 .../charts/tracing/templates/deployment.yaml  |  86 ++++++++
 .../charts/tracing/templates/psp.yaml         |  86 ++++++++
 .../charts/tracing/templates/pvc.yaml         |  16 ++
 .../charts/tracing/templates/service.yaml     |  63 ++++++
 .../charts/tracing/values.yaml                |  44 ++++
 .../100.0.3+up1.10.4/configs/istio-base.yaml  |  82 ++++++++
 .../100.0.3+up1.10.4/requirements.yaml        |   7 +
 .../samples/overlay-example.yaml              |  37 ++++
 .../100.0.3+up1.10.4/templates/_helpers.tpl   |  12 ++
 .../templates/admin-role.yaml                 |  43 ++++
 .../templates/base-config-map.yaml            |   7 +
 .../templates/clusterrole.yaml                | 126 ++++++++++++
 .../templates/clusterrolebinding.yaml         |  12 ++
 .../100.0.3+up1.10.4/templates/edit-role.yaml |  43 ++++
 .../templates/istio-cni-psp.yaml              |  51 +++++
 .../templates/istio-install-job.yaml          |  66 ++++++
 .../templates/istio-install-psp.yaml          |  30 +++
 .../100.0.3+up1.10.4/templates/istio-psp.yaml |  81 ++++++++
 .../templates/istio-uninstall-job.yaml        |  45 ++++
 .../templates/overlay-config-map.yaml         |   9 +
 .../templates/service-monitors.yaml           |  51 +++++
 .../templates/serviceaccount.yaml             |   5 +
 .../100.0.3+up1.10.4/templates/view-role.yaml |  41 ++++
 .../100.0.3+up1.10.4/values.yaml              | 100 +++++++++
 index.yaml                                    |  34 +++
 75 files changed, 3465 insertions(+)
 create mode 100644 assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/Chart.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/README.md
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/app-readme.md
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/Chart.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/NOTES.txt
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/_helpers.tpl
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/cabundle.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/configmap.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/go.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/deployment.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/hpa.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/ingress.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/oauth.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/psp.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-controlplane.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-viewer.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/route.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/service.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/validate-install-crd.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/web-root-configmap.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/values.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/.helmignore
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/Chart.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/README.md
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_affinity.tpl
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_helpers.tpl
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/deployment.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/psp.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/pvc.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/service.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/values.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/configs/istio-base.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/requirements.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/samples/overlay-example.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/_helpers.tpl
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/admin-role.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/base-config-map.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrole.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrolebinding.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/edit-role.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-cni-psp.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-job.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-psp.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-psp.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-uninstall-job.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/overlay-config-map.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/service-monitors.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/view-role.yaml
 create mode 100644 charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/values.yaml

diff --git a/assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz b/assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..012ef47145a97368182ccb42086180b0984fa12d
GIT binary patch
literal 20635
zcmV*QKwrNfiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ_cjGp)Fgm|J{T2A+%<1K}D9LMD-_3o`<8~5HdhxZL%*)Nm
zQ$u7)LQD}10LoT6{r>jvU?agzt6S}!2xlg3kzk=v018!wLKVZ2KL*w!ToBqm8)GKC
z8J>iHd%)7^bUMd}hw9%>r&Ij5dvx6WTlcVgaD3c3JUTi0Tc>+)a&-JR)OkoG>Po@|
zW`FB!+*Yx3Ur51GL<JUvM!eTR$j1VQbmaM1h!8wN+c*)lMItV681|5zF1G}Sq{V?v
zfwg=VeADf8ypGrTk0kDT2S;9~5|$54kRgE}1yorrAUqE7tQFx2^w5QznU(eAdmdvS
zdPq&*7N2nelghf3_fSZp<i7H4%;=N^z+0m!>!Aq59c8y98hHw?N2oU?Oe8pzJtjW1
zr`-Vv+^qy=X*31K35|N_$$x!=_Pt}T)9RrA)PKHw+3Gy0{u)BS98BkP%d@8b?+I|h
zTYjAM&`Gyb-T$=O1SXWtdT9Tkd-#S_))liDddLqGE`YTJrD0{YgtUA*iD?9pFeA{w
zG5N`Md)jT_I8J|dy>7=lYy`l4Mq;6!ouUEe#MfhtIEW-hVvGec6ON-hBF0FJLBsb&
z=%FhZ0z-nLu@EuuwcB=(+94LeMZ1B}kTMj2z$D~egZQ#7TicgBj(di(YKn6Xg119D
zqTB%E(^2CVW_OeYyw_+sQ=-vABpNcz1xtL9FlbbbR66#0T^y)&q5A*17kr`Q`TrD$
z3Gj#B02c87qoYod{~zvm_jmk%8--4Rg?RQY389CY&4$3EbgAy`U4sxL8p-A4!-d@h
z1WN$jkuXFICUgpFefneYZ`Ha}Qwf<Bfc_J8y<_hl;V97GL{uOg;c)f`pcze=UF(+N
zpqLS=*0*`l$hSU}T)5FNFM-Kzi$P2|5sI;y8Lby`E3MW*$mv_l)H-S)w6|w??i<1w
zWe77sK8=QClrX(BI^9a*5yJs+52-ILfpQQ$i0~kkyIe*oA1B-}G1)cwV~|8a2mvAy
zA`?6Uj)sg*>hPCe#lVJif^cNfKrJN3gd_RC0C1>qlE`AhMmW|Sm3wF|ni8@iDw+U}
zxIxlj9fk<*1+WN*;Y`*X5iw2%>KhQg=FM_*Aq)bfIjN^c#A!(m5ke_d^a#pFdwUl{
z&D|vd<a9t0NRn_hO=9fd;t>SdE>J_97szLT1t5&3G)yLdCNzmeVfSc#_<+2hG>c0=
z^>7dnIm$RxyU>Ni#1nXgK7MQ|iJ^rj!SSIdF!M%#7_^5Z1T}C%O>7QAHB$u(X{IVE
z=F=zwU&udYZG&oYzLRLw*5fOOOf8Wdmquy_^AJ+FR5hvTT}g3dT74tw^R~QmwK8}u
zH7L2SxP^>R3svlUbzjR8ONPJ&MB*m}>ny}%(sL>x<jY4ZAf*cf9K4IdS-zVtBhydp
zf>pHV;L|AJ*C9YGY0r`fVZ_x>pH3!nRNw2L|LNBKFaBOu$6-kCkRTI~zu+ExL?Sta
zg+&|Fz{nzlWHgfE1JZx%j=PY1sMBcd?Y+f<OabvEjwuuR<A}>))~urIeccGOuwEG6
z#sG83J(ujK(eNWuQM;OHPSkpZpq1-L%a2H-NYapwUc(f^o|K2AYzp^&m;~_FO63a2
zR#7x>q1$8t_ICqD3^@M|3%J9xs$L<a#nHDkfJ@4R<oxyDs2*2*B5??=U_u2{Q7$GS
z6;*(ippp8vK%Itw5GEkltP1FKzrYanIE_L&z@gE?L}*sACe$k!;v^JTFd|$+m0LAJ
zF{Af0U2PdeW$o#Hqr5uQn?8w%cmQC5M)i^guLx&}lJx(P1S1ety+())u&>|5JU-8p
zWDory6-~sGfns{O9WtkcHq?(QYU4zV4Jie~0!FhQ!V!&T6Pj>^ZyeIuL@F_=mYH7t
z(mb^LVBaW#h8f0;PC$$yNtvUca6u=1IsU}w{e*=*)RgK+ubnD~6B<bZlW5e+02t-U
zeW{1v<5R!)vh%XjG)+7_Ou?{EqLJ+biTXw!%j0jVdG4xKkh;gmUmv%B!!QD-A&wXx
z;s`H-Sb@Fyaz5%`FHMZ4!8IHrl!o7@k$`(~iN&~wnrTlzw*bFk$?JatCb3eY+x;<w
za>w>Wys;{{K>zC;9UT<(zvF|W?oR*PM)~le{T!V~JYj%RdzzHLtw_u91Q1Mt&F;p)
z06lMi{Mh*Lp(Xh|i2yaV!6f~*iCP~&HV~3kyeq8*c&SW){<Qmp`Oqvu{gwO%qCowf
zYeQG+n@{`9Y=hZXWSC0!dK<NNs><y%{VZlA5<}GdJ8w7F0svBNvOk*TUbugM?xC(M
zb?YAo6B4x;4PkR@&?5W)ard~m{!b1McI$r|rPXTXjJ8r5^Q6c`8Tmt5KfK$oxkqSw
z+HKsDDCnUxy^CMb5E>H@IKV<}@*y5TXoR48FnBa#Fv0>_Lh5xB67^71ifVE<*D9se
z`6eVX&y1D-!v|z%Xa(Q#(8rGrmV{REz%lub(IiggvX(LHq*i?+>~fkgADn79z_9?v
zvj;*jGDrkWa72c{MfPfpqabwaN;w3_gva0yNF;Um%6HjArDR1uWKVuisKAu~(l^;7
z)#LP6x`Ne{DX;<Wp<kLK5X~2;d548RmVbnVi{`I&WU4p-sUuYYT#!hOa2^qergSzW
zVUCU?qqC(Cj3^C}V8r>DlK_0|e3(Ce$(~CzLy7|zfbMi!<;n9Wb^YYvCya>M;tAo-
z<d}xUcd?BDn5+SjAilO3W}~CeU8-JJ;JN+vU&sFkm_ti1m(~Qw8*KuM<iGvnBL6>;
z)pz`V3#D*iXE?kX_cu7s@pqRwrxvc3oG2@EX$?|Vj6?L)`<8^jz3)OgKuta8c>8(t
znRm)HCdfm7A`;0}j`q=G6{Wt&Qn&t%s{SAX;DYskaCmr9T>tyWJNa)b<$+|sO5R|F
zu|0F7G*a7dqp%h0-8I`B-OV_+72B;m-8c1v61cLEw-y-Fjg8?{3sY->QUkOpkSd{P
zEkLP_dsRq#==N(~KO2Gx;c`M6E#IAp<pw5+z=A}hI~a^9z0IH7sv1)ql3;F~MIFU4
zfqMawM2gp9qOHF6p|V`4Gb`@Zd_U)trI3ns|1!{JoB|9J8gUT1YG&##{caCQghTR&
zmeyO=3J&@ggE%BUP62U&1q_qWJXnZpA}IH9sL#I&I4W*KBZ0%12DYX~V-eiUlI!`D
z0p*@gC*>B5)?jKE0FOZEu}}xd<u;VGKPv-`X%M968v}K|u?)(!Jhoy&Wm~YL2j-re
z(aHVg)Ln#(Iz%eAs#eDY+u0QbF(r1wz%-pZsYu5yIkG?6a1Xxzl^*))17vl=%Pk*b
z>3qucy7UM3eVRl|5w$c%%HHT6Ke}!p<$<&;(b4RjCKC?-z5?eG@}HSd>x+Sl^uNQS
zPG0`o?;LlIcJkjgN=dByhaT<aje?8CK%NYK179ddO5NVIUgD>EiPwI(vhk0Ga0Nq&
zNm*R2Z^UwwIUW7CWdL>S9|9sC$o#*A{r|9N|35m}`TuXFd|vy%oMi>`|MIInzn~?k
zo%Mfb{oh&tS1NV<UoR>@BCVKjX8m8x|4;Ud{Qu-|=l{Q*QtdpU*mvfRC%LV=Noaj5
zy#%GVg-aS-n-z7b^|7*K81uN5&a9OgzT|uomU6zmWMoQ07{NLBaftPOBIEKm<XWCH
zt4p$`9=b}RQ+^srHE~S2c&oWw=7uO=|Hy&We#PN6iIV&J_emUwFo8(mFwbjBRUL0?
zs|Y*F_Zu8*ZF>@n*(<_~nS?9fv&I@bwky{^^q@F0_cC&{mCSP@c^-pIU6B2*Q5f=@
zzx-@Xx;#8Vv<$M6k)qh*IwlJ1YV`5rD(inf|F{0%ztO=4d%yzzf7CfC>HqsjJN<tv
z#a%H2DIaF5<DYa;r`-D@+(1o7sBr5Tq2?IEiO0w7F{QUnxx;W_TX>;<m>W;!+O0bv
zqp@iAP_uQ^tau+l2m)Gq{WW`N07J^4rQRv4FQL&3^@}II4-i0*ZZ!k!-_qgmHJM07
zrQ1Mh=Zs6asV7TeE6r{gRo}W&gpfsY_S2AH?#i4b?xALP|HSKf9k1I=FTBXg5iZ=s
zY3fT^o=+!D2N}%`tW!FT1SS!%iaR`&V`_`Ka8nr9T7OJAzLmGEvMUAX<HufQ6@BN*
zX&Iuadq2oxdv*T${Pg;~|Mv9FdF~>Rx@e^^%{iXtfm$dR*EbjM6pZW3)3Z82i>GoC
z?ziu*&d&Q6Z?A7oU%#$H&-C5B*ywu3Dwp#n`co-<HTYX9yt%l#dUw@7e|!3m*XOSm
zG`MI^&TaAf{OsM^SJ(aP*XQS#OE;u$J9)Y5R;HC)Bj(PP)K=RA61Dlb`J&nKm6mD?
zW+SD}wiC|UA@y<C#&O)%_sMyiC6UL+xi6f%ZoFzL83!j_E!QP=e^C4St48#GIFNHn
zZiKnIJQ?Vk^_2>|!MSx?O>0wO8O&@|W8J97ZhplQ!>B;JZu(SSp)Bz^w|`5_$x5Jw
z%Zqv7dD_rem{Buud3)VfHD_wixkS1&kh&|SHFN1xHdY$(+B=?g%Oq7-^4B=$I*P5b
z9u}^Kl@Ksc8WsJ2pm{Dg4Ei&kgquump82|cjhrh4DP4F@7kXQBsG)0WrQu9pUCM}*
zDZ8lK>E<6B6)t<uK#IshEA>6}7N)@dZO=pgYGpb7Z!;U<BKu#rTh{+hcK*LxDciOG
zZF<0K)veeX|D5}oIisHY@Z$0;|KRfCm2(R|Z}-!tx+iZEE|k6QEsd@y6;F!xKU2@z
z^q$PI{}n+#(NA$Sauq&x5hi2B6MWx8$45s8M@4()=HP6=1lcj=dabm%j3hZZpoN~K
zyX+JDM4K$1tZ8%FmB&-&^Z(7ye*U(E|M&jUe)0VO_;7dscPnKr{=e~&Lpr-Y%W*^2
z`Wi<KI$()8%5E81yoJ-+OM)@}wHw2kkb7Y3e@<gySWwoI)Kf7%mi{(azg2U<-y)Hu
zK3yMwpE3v{zRvf?*!F<OMjK4(HI9tj*48;LD)xIrnQonKFFwz;63LLV0SN+#u4mjA
zVeWE4@vt{12q{s>m3>ly$d!+@NR>)dilREA*(*llGaTaq35g(<z}m7~b7EW+9UD2l
zy0*ntg}4n)qaTDqxg+d3=hiW!a*;z&JnIhVU37<8aC&)Ba20prgY6{DPh959e@XNZ
zC%_Bjzy0IGqmuvk{_gyDD`oxj-*j$#q7z^S=H&JPj(lrQck9n`mpU!YQ^1zpdFfK;
zr4Ml6m(stl8tdC=Ub{2Ewa)<m;s-*H>Y(La^erY~!anKkv%391KT$Rd0kUBK?;I54
zzwLJpyPe(szl}0~-EABlBwJ$Z1PDP@{7QeHKW25&&PNJyPES8KsUKyjTmROgVlPc^
zVg_C${~vZvO6Pz3yZ9elDTVc~qUgFV4K4?$yl$WA3&zy;M%Suf4(d`+iwi8comXpU
z4(>Ix45QQz#ppc&o{IP!LS<q!^`(Y$ejhVX5hl_jt`D~`b0C<|xh*n^D1#TsT1k88
z6$Sp5it~HI#YY$U>s&iHnxz*Dexrle66IX~Re)J@v)&l(v^1yQwlf?QIDy#+#3f~-
zhq_0dmmT$#L;~0phw_=O$3PK>M5DB4+A#Q9(+vI6@5^E7-zEcK5eVS@m<Ih++v&%Y
ziN5TVm7uY&EpfL1aVn;a;J$~Rc+Xq9M-p3mG-&H9L;^+&A2q8HP__F{z5jUDTo&(?
z@<mJ;#3A;xFz}LeW&qM}Rv}ImHRiNoKPeelH(fpEet^xm^T}3F+CsL7vMH>y+vK_|
zDTm|u*L4<~yR<H%7baCg5B;Kos{gv=3M;N8wNA!D#7?N^iWT$dW3z6fEZG0efy!ow
zz>DPn?n&|d_vB<}|JzQfl<*6OW-c$P_vBfX4}I>Q@5<litp6#2yRF54I4s3~K0es#
z|63`aH~xd1We*hpL4w-Ff7r!;ShLfQAs9qG(w}bq=lTED`RS`S=iVfE&^G4t|8D1`
z=>Oe4IOy#BzqeBM(3P11ItQ!D0NrT3OBnh^J^A%%Db4CLlqER3V>sry1g&U5BFtv?
zfR7^*A*>kX42>b2==60j5Q+RSQ7P_lWbM32<<+Aqrec<6O=_ee+?#Njc0Xw}u0f}s
z#BtnWfP)FBbZNH{y^9dxJOQq<^92wyFw4zrH1_t8xpS!=p)2j{qr+l0_V)JnG!@V*
zh#?9fQY*YwoBLRI$f=NNo%$7`3{f!#hAvaPjwPW&!L(|yYTTr$0NtF2Zt_2!*icgQ
zg-RtUs|~3nmTJ@-tv24jf8S6fx8U-i{xhVSDs4J!i!rqG%s{pDU#O)oN$ZTnI*Cgw
z%4c<x?dUH2XpdxNCqSo_$v2uF+H&Mm#=sZh?1jqwI7zt3UKc(~lO(1UGV%t_IH9K;
zpz67t8IqeKI?TOz=Aj#tLURB*OQ&qz3C5~ZQVNO&fbbNP5D#?nN6G?|my^*LSU5w2
zgoHuGpi%8+s*q4QQ*r1u8qc3!3{}rf8dZyyKxbF4bRT%uaaBnr@pM5O(%~6`NNH;l
zqugu&m4Wm5^Tzvg^;bqgJ^l6S5;n_bSAX!7Ka(|8S7p~#$1=-Uu1DJ2!mZB0r=y7c
z0jSyRp@?c*kQoIjMIwZnZ_;J*3iI)RViq(dS#9RnreiVFc4;Mr;xHcLZd1)TbQ%P5
z553X3H|1cd^wF4s;V-sZ`SHLEdW}X)XP0ZV&_7i&uSVk>`(q6VjWKs}Yvy^6<to|i
zN;9C!4vH~MBo(B1f-pyLA1e<y5B+G?s*`6~<pnjs0qLRE_V;!`xFRT|Sb1`lnVfj4
z>y3u~p%^7sb3srfWnqQm1V<*XDsvnY0xNi-3GguzV@8wFSh8Wjd}h<r26j+9v$jpU
zIj*>;-fY15)Y>zo^k-S#?_65hv#VDo2XD6Y6*3;WCXo*YGr5GboVse*^`=H5ohH}r
zJbKjyR3(`mW1Yd6Lw-o@9v8gO^s}IxrK57>4lxNmbdiG@hjLGgP{LDGU#N^)?{fz%
z-zfjq_vmg6k=r-jl*;3al-Cj;CSk7WbW9w=p1E<Y)z^A@{}+1x{4EvGd;T2V6gCR?
z3%%`fggH+pIvKB`O-cwgD0ZwYPc`Fksr-j5%TK?R=-FY{WVBhHbrcTCI(+~YU$&u^
zu@Og5#vSDTE{Vs{dnc`7_UCmBzNe3B-WH9;JR>pj$0otC<nLMdVm*ojK-_0Ih5!v_
zE>#CJ>nd(G3f)D$)_ff4#U>aY4vGH)nWT?u^^F*g$Cl|EMZ(0~)>BlkjSLk@0*XR1
zAwpv#doQT+Od~_$J5|keT7w``*?zC^!$E*(1ae0#3J|&M*Mhp^D*NoyNRTLjl-Vrm
zzZ&|q>nSxn)M#`)$;uG6R!2MXl6hRxApNNpv74kWP427@BlL*e;Yj6I)`RJ#&?ASL
zU#oW}wTPhk6w3||v#NOpPfZ=$oRn*GGpWER&rQBi+cB;uxJ@IP2EEo>mL%&SOFXV8
zh+*ywdd`%5fxgoTEftY(OhV3v;l)`!)tY5E#oVRNba{^w7TT15hRV(cWyDCGUDI(y
zl>L4;1;$7K=;KE><!GUnqK;El<=g!5!O5KJ8MHi=^Z4UO)ucpUVx~C`m;6*SARQ&e
zq}7(Q>%EK1`xp9muGRN16tUjdH2EG4K#sVfK;48$x3h{#k`90wocYu@DM=rQ^ftli
zl61G#w?*`-_8yYrW(mxvxJm7*DX!46q_Qb(odmD%3uBU(9_vQP0$OqyY#mD$i}R%(
z4tKySP+W7sDhFsDCi4c$pp}i1eUKX>BVAj8)%?m!tnx$9BCBEd0pZ5#8lVaB8BIsB
zQIKc|HzGUXM&MFLfiP^5s3rF|(_&t9Q}O`eN?iLr!66wEBfiIs28lZ8&jj{g3=A{X
zGNZ`d-JPdX0jHUfX*-}kZ+E@@ZhHhms6@j8GXX*S849SMs9QPK#u0!3HX#vMoLn^3
zmL}yBrGutBX@;VD!M(LDgn5-ev!pzv4RFEv&*A<_@%-oTU>E;kJ0-RMX{F<fu>7G5
zfpEyFRq=VR@f<yW{)>{9GOSaZ!L#SjdvYb~1*D`>#U-@NiiWZ!qXg4LXFZmRu?DIa
z{(=RsS~x|&C&a%+YOTL;8BlIXCl(RQEL~1#t}vt~DWyzii#=sjFHo!%E(SwwgVH#y
z!CoeKrn!rJ16Zp2-%`2ZDjUj>vWZa-BQ%zTqM5}Jut*rZ$dHh{=@-fUGI|*Xqnw=-
zUo;Qe(|zy04UwK)^4C%OnJ2f4AC&#}LfLPPM14xw2**-6JCCM>(MTI>jna)7q>SHc
z`D*S(2&W%H_TdYMtx}=Pdd6;Lf=rf8g0j2s?L2>P>)Dx(7+_`IQqzYjONy298N^g=
zY(&@rP1UPG2p;+us1C^4aBDZOA-Ok}B!vb~0R1us1{qnih>s~j?Z4Xc-99)t?Cd{N
z8}KW~0B$I1?P%%27fR2vPPx<wyWa5&V~Eh^$v|Bxm9mKvCM<yWWeBN$hcs=Jubj3X
zoL*jNz3siZX#75Zpq9e$P>K1dgH2&3k(_Z5`OwzHY+EGSIdJ9%Si9j)6+dANA`#9I
zOQNV`QAPjx4eEL)-o2hC*7!RiBZh_S(hR}9tQn2wQ$f&$y>!glYDO7-U+KAUFVKWU
zlv#slLGZCX5&|Z%aAt1?RO2jxYN<gHBh$W(?U;<l0&xIs_~nR`2??<Tpru=5HXhO>
z3ed5#P17MtA~PKzsGCeP^||~%%E9O^_c2mms{fqPNH7|r%MeG9UW`XE4YHf?`ccbL
ztB3Brd+#0v6!fZ7CTPcAklLA5J*OdM*hq~FhK4jkTtF;2g4`~Q^@@RDGrMRr@>3r;
zPt}t*=_p)f$H{LBV2%2(31sb+zvu}$2<b>g#I4wo&7zQ1+WVdTZrjY$mLjU1|Hg$P
zgVcQHH5xw~YmVAW4VUA9ezDsa#C#=&b9nsn<(~Q>`65K3^>V-a^5xOX?g?r-K%39<
z8<Vle+Lfm5P@4FX$R@$vv@{m$OTD{dOX0}RB;PGuV%)He1@iyV{(kZN|M;-8^Z(jP
zaecpv8Bf#0HskoEq=9$FVLNpW&-}%;lZ>1-)?LP&bL8T^s##SC4(mr`-Y0%UieKn3
zJl`3QBI{aS^>MytIV^2$a3A9`zH~!{s`FdQ$Nw=EZohW!+8TR@dy!S{n3Z>!xxgaf
zE%`oo?=`kpM)te8=Y<O;xwjUkWc>RT(7x`}g8I5scp1?E^s9sJLGGQ~3a@D8@bI9%
znc~Y_GcT)}5q@0J$U*n8Q{S8NTeqG3yR@CKsx#fAdELq0>bOc*Fri}Z5_0Pmr<uAr
zG4EqlA^+7l8RV*HE%cQ(Azqna1#W=yfcm$<JVKiqK+LGr-?OMnvWKG_%rsg7gDKJc
z#(8TW>MBzE*2gotBL=GbNVR!Cdy{ibFI^)KqKajROe}*p=QpSQS8uQTXQ!7pKVF?X
zj;N>@9@$(>QLjchUVy4tN47@ia~CxgW--iTSn_>_d=>YoZmp8TR5Vv)TW)(g99*uW
zZ&&ouO@}JOa+3%dCP1BnSRW)KS1T7MLp|z~h=_;BM}b`qDP1*(S#=~ngTN&XUZvTF
z|Dm!CmnU|8-K?)w9AS;73PGt0xL2^40%O{Q<QjS{ne}Ujv;|z#wB_@dWR}~!)b;89
zd}?N&PWOvn7wA+W*Eo{UCNz?eYbhjO=B6IpD?4hsw7JVp3s>zG&c*uZPZYT^%k|eG
z9leGrge6(dzNi?X&n*xC)k<FfV~#8ALuh`wEV}=<e^fmGIXXPt>3>@(uFG4mq3+0N
zH<=#FxvHhNZPZgG##!#tQ)f55cH7e~!(5-d<bm14k|H?sd;vgP>vL1<->>A?KgW|e
zbfW*jy?XG8^M4*66xaXB;V%F4cFM!se->Fx%%y!tT?q%Ryq4nJ15CJ_ocUnM>7A;a
zy`*$kOFvY1u6RBim>(xSwBPAW)-tvTKW_O%-~htbh{b-ZTIv6~b3D&da$IAkXa!Lf
zw4;NggCe%4#TbgFcOgvzZ$#-R1ZA%eDGpi#9OB3a*3t@~3WX5iaN+1E$DaD}@v#sg
zv~t%$c7yX!gY)Uvf5nv_vwyeMC8#af|M$BGM@9Sp!ND&6|5i#N4y%s^4(Z6#%Ua#n
zPDC2#p;vnc?i+QwS_xpR0(U#cwQ?28dq|}!t9%<XIwb+{)@aJyFgoc474FTuDO3s5
zC^{vWPG}y-L%Kb6p;(U=LfZ=&VZ}El5m-wzl`4Yf!|v@ja2z`^I=q7;uhR%XM?qB&
z)9WudLNtcR1U9m<x0S<2?#d4x$e%i@`ONt5G!POLxo%FDl;)C`z$E0EYfN@61arib
zLCd+Bm|kcKQrjsak##kD!nG*jHO4eO1IQmSYYwFK2;$2=X8uHXo~|fG1LY7KiQ+es
z&J)Z9u(lY(1T0JAa;p1nG8yRy{g94mU)CH04!k%THEv;cM_HhhAsy|gg{(f4-Hewn
zqanjwu*4S$gT@4tEM#yC!32}gXiF`LDgS>o(;ume=Mv#m2l~ONR0#{Se%gLCT(v9R
zL|co9wx~iYS)z^&&NQ#)7{ZAjdfrG~FU%zU+{|rP7M3~tzvJe<SsM$_|2w7lFGnZ4
z{eLTE4?P(sVd&oFc!KnmOyx3YZ>>Jjm$xR8*;?;@73c0r<~O>R?hP~wXDD;=lKaO1
z`?q(P1xjDUg6O?Rc?jAIc-GHQxeX5!$yPJpw>@+*tid&+0yWi~Z7O*4aOJk<i^d)j
zV~FO}R)`6F>s;DJv=R&TP9phEs!Ml-!;2bZ^}W1c2}BbPf!8Pk>Ddl69D3)jA2+24
zz{g}Ln#%1Ealx>F(M;m^v%Q%qs0x&Tu-y676+kipbT`IAI}2XXL;(8n>UBCi#uv7+
zhnR91jEs|3=Gu*X96b?8UtrTNY%~!F3&fI0!GB5wx}!-LH1<+|uRBbHy*F({8Qr+P
za-ZHBloXTI-o+4I%kIe$q}tsY5rLBUnYxF|=>%v5s(U>3S&joN3{DQhf;RS0K-KdX
z2&2m@jh<}y4nm(!z-wqxfk~YDYL9Lz;v3eP-Oi-;j*q^Bt}nQ#<35CaAGmS}Rlwv{
z-?)Q8pHV9MG#y%{eK+<Rd+1tU95I&zCuBl=hdyUl#+w^6K*qh+TvbY=Gt1F_ONGHk
ztw=GZ++Hx#e&~al`sjN}kuxK|>CqkolM}kp(6RL$Nw?WVd#Nh`;pk3Q&1BG2E^IX9
z>{C&kV~9x5LmxhxA8K}*-*$FtvSuqnerRU6LS9{q<$8wd#uTcK|0@T0fd+|vZSRws
zFm~!je++CwbT~@$1%fHCnHZ}(l(NOt`Q0~8r*e37vvvSVpnV+a)~&C&#vrwoAu|EU
zAcTyRCQ?=N`E#ijW%pC<rM12Zcdhbe3{^Y|b7&b+Ia@xMgH;;1fA?`Dh<Tvp@P4K#
z>Cesi9q*xEo;>;0SnaY$&(*VWY`iLPO!}#0*OdAo_i;#~QG2>S0D<?l$Aq#6>SkS2
zzI76vsKmz*7){3>Bd9~pew>71KQ?jio2TI&p7Cb>t<D@I@%z<!msnjWwK?{SW~>}j
z%{ZqznjG20O(7li^)&~nq{6*urjJ8?eAy(?km{$Bi}i;D!XW!*ztcHxb-Jz2{!RC&
z*E#HUj{c`}((7~#VU!J>_2o40p=MV_I->#f({QO~VHh^hx4qF93?+y(%$lyLM>$j6
zv!^Bon|Z(pWkk&Seuz1@G-&Dp3W<-oPVkf&=gf*!q%P6S&dPGj_Kmh)sTKqcf!RuG
z$jlVdD7u3;C2-f5OT0f((^@C}YLu>U_U26J+_*PL0FjW3MWeUp0~399rX+vGj7+hB
z{w>VR!$wF)B<c%#3y}&MO-2!kMtv2iR&ph+m#fUP%HX%(>8Pv?=C*rj-r486_DdbH
z+46h4f1J_Dgi5|)IK5)XctWF*Ry?Irtp#$gkvZb*p=-6@%+meGL{zv?yLfu<#NIB_
zF1_l*3LQ?1{i(s<cyb?h50CSX+=nj@jt&nx2m9KlAwruor^-{zOaYW(CM&Z6HtBV;
z#FBQfKerV8*DZ7OzbqK&+jlqT*Pgf+>$S1y{QvOquo(ZpbFjPrxs~!SE#yjJNXab!
zE0ceW#ShUai(ms41}b$0JrlWrp<h0HK%PE6I8AMr=;Oy<l?*n3EZU8hTeFxRzZ8>E
z>Bk>G{;F<$W||@nW{6XDDe9?|UVB=6{l;n9<g)tp1u_7?DM8n-4TA2s4$ja1t+~@u
z>%TvSFb2jw5wBwkn!o<LhezE~{-2Zmlim8?M)~le{Txlnq^ANrNO4FCao<cNS^P2d
z(DU}kkBx?`);Lpf01-}=zhM%FGbegN8ZbvLXs_`vkn&LEtB(XaK2S<`cBxh>>gb0o
zrkwl=DcPDU#a3y2+D4%C_NPW$ef9QQ)>Tm{V(_1NjT?$MnIxfB@d4doUDFz{RVX&D
z)w4RA3u0Kuuoz>lNz*VuMeB>F?nYZ%7S9{ARAjN@7uG<f^?s?H)*?W-uJxiJ@hk#*
zp^xJ42#2}-@EU5!K745DAckN>cyqYqS-4G=_`rCiKE+Xhp2F{$=X@QKMjv>Fo<@+?
zE_K@0dZt}GWh=FH|J1WY&JUZgDdbT8uok5X0NR<<`7<|zwe3fJEBkFPg5tbUMAuU4
z$|9Posu@9JMj|mp&A;>3-+42)9~JhOKkfBs)clVoYWACMXXKw`a-9r^<Q_F!&B`ua
zC|zf$E*y^`(^|6|ta2Vtfek1JrD3T)>np~0PJN$7oCLriSkznVzMGpt6{D1E)K*=#
zo|*%5KGGVzm*L-XsMD$(e64S36?st?RVCd)n^{y1vhrm%#**qu;OVqUu|2b^t#8%;
z*QPD?VQOe`T&DA+%9Lp5MowAU`cp*<H(A_bFALqN&c?UWijF=Rv<9<$l2L0ttNbX&
zOtk1QGdz^W(T1{HZX}CTwo~IPa}KXoW$&AUT$t99+{#v|9>$EHdf8_gG3AF(LrQOx
z7&UPm^Y*mcM9o)eg=Uq&o3{H*!7P)>Jr#C&cna%+|7h-`JIFk%gk`y@8l|Tr5a{Vs
z_ao1mpUkp&raDpsr1{L5Fd6v@oP7Zj<?m`3x{B&jyiAUbnJ5ckik|AZp|lO}#t62a
zCNLjci@!Z;Si}GcPb1bELq;VlEC(SgnXmHKKh)GQvy7=J*KB5QRNi*<RsRM0imMr0
zUbtoW)~;K)f$|kET|9CccCN}5Q2NH%+y4Cj{?5N@x^JI;#oZn4c@s6g=S}y~|1BRi
zpA{|=rQ7|2Hg$vRwvxZDl>RLJ_{x~aA7})uv3-dV$QmwEBYRUd0@>S#9D%Afw=)8%
zKq}RcD;UB38x_3cX?g)QqAe3r+MR&U(9;3tP+Z|sR;6NDXlb|Wpgnu$_CiqxHNo<M
ztVa$_or=v;pUV=jTXi1ydzErMH{_o(W+P?Hww7#k3$rDpI%@;>90PbIXRE1Omf7c2
zEO(pXC^!w{F@Bp&Q1^Jf-rvChF-pav?wWtBQNFU9g*vF*zhaHN$lh*NcT_fUhGXr2
zM}T{$mlsB&;@<a|qoz7+_R^zL?a$bBr;`C*J=dCT;|@_d*H)sZJxf78Fl`|4(2Y9r
zRf=s^Z-{7wZolULTOZfbC_AWMxSyIfy!4<ZHymTke}GwbVcBBTbgGv|rVR5_j)m@y
zY^p6n?)g#?s2`mN9T#()C71Z89-iXK*>a;){;GbkigmX*W{TH+nlaPIc~1U}W!xtg
z3!yo`j7kPps8d1sa)k;5OqD@?h3@B^kZb_K91WUkhiIy!hRhx)MF7{CX_YxE+w^Rk
zm9)v#sE|DzV_3ebgOZUfa@mtJN1?o+FvKK8&7Wz40um^bpg}z6T0$xuub#GA9E=4q
zgZ_=@dCxrbFCt9TN*%KJg*AL?6br;pgC5>dcI%;YqD-C=y7m%cYHTnH$WR5?D}FyE
zSi#pA<>(^uF#$Zi@?yzPyAtg`%^D{|G-r77!s!<>Ja8X}#3v%0Arb{d+two;eK`*+
zjfTJ4m{p4E?kcQjk!BGu%_p;^TN~D(V%?f(73MBSb*P%MA-3II3qZ~a*=*Jt8Nb*Z
z!b_e1`B>*wS<@GM(fR+;VYhJp*X<nc@6P|WQ8s0@#r&aJmQd@5T9L}U)+FxQQa^rd
z*?Ct=4O%Uc<WrEUo>jIIrUv&cY{{VpfQz>_ZAkn92%IMXiGBlLq&TJ*+&s^7`P}Co
z;00y5^{>Wqg5&iVz@qz~$0sMn^}m0(^Z(gO`IPH-Tg%oWXY%`MujxNiXzl0d4b_SN
zj0m8zdyq*S&hjqvs3pZG5+fT1{uX9VMmZIXU8OY}7QR!uNNPCsC#d%gq7#yeo~Y@b
zcsEhAcnID!ea+;@oH*9jnY)~e3tDpGj#4>P!n<~Wk1^+n2pdZ}LzG0w$HqrplT{~>
zkd^bD=*vDxf$=MU;uyGfPi%;{n(<7LzNVA(zCnp-lB6SuK#HP)#(QEemZ+fY+9=@T
z@C6z&I!S3+kEe-3=PJcdtLIXwo|n_r^1WAbbu&{YYhV^s&P5Qj-2^rLkU%8*B<RNs
zhUC7s4QGMP0q+i1&Q)SVxRsW-Ito|V^p=BNwihjGqWs0YmK>WjYUV86HSN?|#^<$S
zR#!7KFxNmY8KU!0P53oAy9;bj3K|>p|E2c->@=&b5__*G1}xhDk4pZ(>d|ih-$Jn_
zuR1naKIqodvnV&rjliHKii&)%6|#kzU~5PYYsd{Yf{`FX%J1j0W%Nd0-Dn^b5bo0{
zuy;`pH5FQY4Y8lZf=pB_3nE}*u5oGipj_;n<|Pd{%4+LtQaIv0bZCC+n<8&@^_oUx
zkwm)D*J~KQYu2`S8mgqu5TFT6D4W^ulZc2OY7S-s_{ykgP<?D+*CVCikf?_`wHSU6
zI7XcO0S}4V7;xNofv$zxk1-bv@C0FBkg2)>7=g;XQ$*~z9x-$2rJopJegD3%;jKEB
zDLR4*l}Sd2OWFVx_IqE!Dv+MVyb?D7^~k-VchLh-D<oV<8L%Iu@YW}ogVXmnH<xQr
zEJbH5MC{_keqVuRUyuo4)%|}&SGNHy*#8eY`=$NA(>d7f|Jx{!ZvP+A&$9V{N1dJD
zL@SU_i*mq-_U&ch1$+P5<&Q|+fL(_Bn4Cd<KTi4_d>REj&#5c;vMhKsVlc{wnQI|)
z#kLvKK&ySJV^=_U9OBvAR6MC?rdQY3=*_Y+#N19X;7V1qn{^IA^+x>(`}G}VG!Z0P
zt`8&HAC*4XI?hUFGU6AZ5pt)1J1XsE`!s<G7g%sD)9DfU+!OA*vs}Lxjf&q7OosAw
z#i(EmpRWUN;a;Hc&emNn?yy8~FJu?DvsAtyd1Y4~wyY}u>COFN?LXb);`#6X;mI!k
z`&P=MlmBdBnC**z+P~+*#NKtp!3Bce>E(sZ`KZ$Qnq8@|4VXP@nT<f71mT$UGq9!2
zu3}Rd6E5h8;mLAagF0%e+ZV3v%j!OVn?zdE{}eqR(f-iD|Fjgat<(|W+roQiTgCn@
z9@X!v+3OnmVG<^+Bo}n|m!rzid_G5HTT(vw^d#5`7mvBDy8lmzufie&YjwSjcij4I
zI%&m}hI3?sMf-nef4{K*AD!&{zqV5z-Tq%Y!L}<Cq$Z$${`4jj5&rqp8+1u&Sa(YF
z+jP<&B*P&v&6)c?j<HXKWAj*eVnjovL6{R96_a4yvl0g(V|<a&HdiZ2P_IzZuzufj
zyJu<h0DY??_Gj&$YmC^SZ}mov2kOjjgZ>MbhuHrYnFAK>|0nxJ{r{-b*~S0fO8Fx8
z|HrcR&)N0Gm;nxWKQzbI3%2<ib)qjTBlG35yF#&{>RqAcd>q4sM(eg1sIOOT^EJf*
z1W1LTU4HK~)%&6Px~|RIM&CS)<n*8-6J~(xHsVv~-7*{ZwQ^cr)P0{$Q~<RHAb|!Y
zzDzny@cjdjV1n--W#=~&-!|I+yUXnUOZa~r7w>-@9`E%3?Ucv8|98K@-M{Z_uM4Dr
z-8Qw`rv571)F&2&`-N|}DH5;S_Kp4wae-GDXWO>^YH{0(M_WOv9X|1;xwP)e3S}+%
zFJ^Q|LXaEuGOi$t>_5lH$3^+?u(R|3*h+bv@}D!oK8q{J8;QiFMxx3u*nMA=2M3r#
zPjltWcE8A1IAJQ-PB_n4Qt2_FT2uAax2*4LP{wj%QvWPCL#Vla5<LJq`eY`FHb+PA
zmic3qd3$B$IIPj&1mCaMsFcJuX;=#v>$PnJleL;ZvqCf)1CG}fNfkCFv0UBLS|Fa*
z2+8>V!SInIvpyy&=I}$IqLjA9xO_74Yoq=D-dpM_@PhrndvZ{`|8scU-PwP(QXcpI
zfA4*stH2xY|07>Ay*LB`eeUBaL?iboe}OpgGfkoq`tA(5H-P7QQy$dvnUUY0NpO7=
zYC}0trWmPohV}lGbNOJ3Wz`O~E<)>Vn979kVDzdOxlQPlVz)A#=1rjo+9g)y{}Bz~
zw-u9uFVz2zj*9;O$GiOB+bNHZ|LY0%nQZ=VX#k#T-E0KrL7nYiBWrG}_s2L2Lf0vK
z(ZvCMZ{B>ijO4hWy;Zo9X}so&{1UC(FV}1Se5&<b8lw=8mg3p-Z~_TVLhFZkv>Brw
zuMnT2+F#$`q+?RZsj4DV7*%*<+dQ|22?oR}Ck?6UvTO${mHe9iJ<R#jCfz%oViHO=
z^~w5(Z42A!=%=^3ue$&Lo?v#HtR?^~(*F)SMgPBp&hhbX|KCP=bo;-VV4p?p`)}QL
zmB#nqDO!s>`&KklP9X{?+sIJ4u|dk<;Kou)I36uza&yp$Xw-T*lp-3fgqE2GJ=83k
z6Lu$=`LZhi=doPC14_j*H@|dQ!2dhPoznfUgZ*9nzpa!<$NwuP*k@7(uN5ZfAC!u@
zH^7_?p}=>luCYBb2DI7wUrr2MwEmBdi}}9~4~}>7zqV2y`TBosOMi`3|Hu}6p=_}J
z1)ca<EWrX6uK%Or`akL%9qrctHp*jO|9XNwCKhm`Fj~X~G~SPU-P^M2`WIu$B7w<b
zsXr@=>_44uas3}0ob2pBTPcrj{ihS`Gp+j@r+vHX?W4M5AY-gBK5i2lBw;DoLybwI
z>viibDdz5^18|Yqx)zfvOUakOpLXTbmX-PcvO=Fz7Vv*%>@S`F@ASW|l*h;aKc~=l
zV;irN_i}7squS@dRjRzc&j1SumOlT#HXkDM;WBpdg>9~4sW(0V7T7xN8)pFHb-pSB
zDFqn(2L75Pu;0$7K`jpdm<iyBLpfLv5zEFSHYn-LqJ0VL!9ps}3*P(IyqniC20oB!
z`F7>HowM+^*unaU(F!F5j8V3fc$Dvo`fl?OitCTiHLz(2V)YJi{o(d{uoD&kP0OnC
z-xQd*Z|Qt>%SwR@<-h$>{D;o|&i=QR^62D0cY=K;Dexy?!n@C;K>Zt?DV*wU08HHL
zv_U4DV<8{XqAP$JIs+clh{N)(>@{|PA~qKA&3sSx6(cCeSd8m-j!WlV_QeFmnAQdh
zc$2<eKqcjSs=aKgvSHA8Z89myXA<y3B*geU^jR+>*TN}WEnh5y$sG(h^>1OhTwG;D
z?)cfps0?Za{bij(%Xq0zud6km+)`QsvpPwAL+q{!V5>3Q33z|avYz~>-0cU;x&bei
z|2ifAkDdK*JLQqee|CaBE(!45U^QO`w78r5Icyo}PhW?Tpxuv_<M@^BRqv0B1r{6x
z3^=coKT--f^%nIghA1G>2u*-<JX&QhOM7NOJhqNysZSn4TF-i$!hKj_{S%PDN-lUq
zsU_{Z5n1p8apkji_l^-EpqS=nqaOb&4|0p0-U)tx>9U^ux3uf8DhvJp4vY4`gM-79
zo&2|r@<`>s&*%DE6#Z89`t3e`pI^7ExBi#9_LG)H`d{~?wEmCwcm97{DUWphf5vM+
zHM-v=rQrg_Pa@q<Q+_Yd_<oeS&;z7Qbeh(eBOlJTFJUfoxLxs?n8mf9-I#at=(2R;
z^eW1uwR0tZjt>8K0tw_|6)f4`-{psW_rouz(^9cTBtohW4>I{RH3A6n>`Pw)SHNk)
zeBimr@JrHxL_hLJJR!amx#+J_)|3CtrusnsAKh-*|6_OmYdhtU%7423$0Y$?D>zH|
zf9M8R^#3r>AKw4NVDs<c|B+JZ!Tmo{GCipOhfjmr4e^{Y%8*;*v(t5Bzme*xUoDC(
zgUQ-{BL<O;{6-8a59&8!@Y>LCB!}4p`i;2Q?fgdm3S~L@58{x{CM&r7=E{8euY1%j
z`Tuqgk9PhaTPa034#zQXPp!!IDjoO=N$taj8cA!IgrQO(k*CG8RfV|C#5jmU;$yDc
z`U!^#aL<{+_PuVDLkPa0OgB5h!XLkO@R)~*{q%JOM#l!ax@0q&X<&?oA&Evm#sL;!
z;ZN}Wb;3r_L*4Ajk5L+E(mof8^<KFkq=ahLs6pQuqinZWew<_pbG=`6B)-l7nNNpR
zV-VAzuRkx=7xZU52^V}br#-U|8QCm~sK|?EC9F(m^p42;pw%1~Y^)A<#*lES)Nr3+
zwFwHAIHFy?QcRi1&A&n`@;&+!{hm+(r5=PFmS}#6L%yK>X0x6&2&HP8(R+9gjpz&Y
zbjcBP$h+Dwx*sk#mUeNgzkyAO52wD8{@<=K$LDm55z2^|nM5`6%j`4z@=U%<+g%b$
zX|zj2QjZmx;1TrWBn+kI#y~jqR_`v8Fuc}pT)xF{G=fzDwlcQiEx<PSz^9SGBm(BB
zL8_e|YJT{Taw^p1GcI7#4`7IsQ1ls$2p4RoN2r!(Q%(eBGxYIeuey%FBlPiOHsw>o
zT+)#Ev%0ZzND-@w=uc!&L(S9h4$pYgotW$JRHSlT;wZ?tPzyENG!{nGQvYqbFIzs1
zhGdj`rmLAZ=HRHUe<`^vtIWYq)J&z3fP0ZOix3V&dUwgll!P#XbME6%0qP;eQJk8w
ztrV2sF~GsQD4bnUD!wHl=rQdf$rRmcNp#BJ(nwY-yp$}8yY$e6#W88gR}PSLVqMm7
zRl`l~sO?Lka?U=qnB!Yyq)ybDr1qYr5h}2Gi`dJ~%g)^WO4F4@!1*Pk18~Pp;_@Bj
zh7zF|i}9SvX#Tl_L7!17^j0kxnOrBsA-PA*b`znGAKPQVp&0*>2d(;6F&rs9>uiRS
znG-Sdd|;wKBq3Ovp$miiV~`~N{^sWLx&*zr2Nu65e~>35LL?%B;P4fMcy_I=T|IQ<
z&Te3Y2I;GVPWmn+Q`il`XB`5Fre)S}dUkX1(|P~x>6`QG%hR)S2hvn7zi%0x<i}=6
zAPlZxn15=XU#fw#BD0t3D5Z8^zx%HL`uwN!*Tn|)##SR7)6r{~La6tFW+l*X-(9^q
zy{U#;u~UU~G}4g!L&_#t)B?V_cyr$W_Tv2Yt2NtD>24I2oTgA^Ti2&=E?=Kt^{-BE
zN+YtU8IC7$2&^xaq+DmFG)yM&M#^{flDl0~eL4lkNB~tVJl!%m4c(oICj&hJAe!oo
zAGS<ntNNX@LmLR~LiLJ?-&##X$ZzM>cvSBE<)L4?MaXfJs)m4x_2Fxga()ZCPO~(&
zXE??K5)wgxd#9Hd#xTLX?=eSBMiT)ZjUnP=G8FodskssL@gRwU+|;O|hp9DJp{keP
zS$d$K+v?53-jbSA1|`#(y7L7Jy^iv>jHMRP{N<zP;Ts&gjCKBcOHaSDfx3lR#qzT|
zYVJj;V-K^)=JaDV0e_<vsF#9^!b2?v3wtFUSs_<m!__i@3tyR#z2%vN(&AfKtMSE_
zio%2;NkqjaLJy7Q_~WposBApJ3iK+EX<;NP*0-)vusPIX{V;Q6V|Kau5-P&1vx`uM
zo>ou|4~J6FoOuxq;2C<ls9H>eXA5ieaU{qyXY$yWwZcdpMmf^~4dApAP(9Pn16!K$
zFNI%B^L9=etc{%n_29^<Q7B><39<>68s^fdu3)4SG&Jcfoo(KE=x)OGxVlg(O`|Jd
zB&ST@o>F8V$j8^YV~<5h<pC{1%k#Y5Iq;WKmOB3($9S!SUsD#{|0?Hy?sN`!`9HT(
z>bZv;bRL6W<?UB3z{oFfO!`w@O@644k-w*m{6Qmu!%G^RCW3Mwhrqs^Gi8PE4Q3+{
zsX3|Y)EudEwZh5y$`Vmy5kF3cCPR1Ma^6po|CdA~27JY=zgb!6|9e=>|Jyk^+~t4Y
zN^$k7wR8z3B+ogz)KkYjWhpX~2*e#_x5{<+Yp%f#K%{=d7aGLl=N1(X2Zk_X%zuDc
z6@9GfrEdu(*O+I!ikc3@RBfBj9Ogsxs?XjJUD&RgzlXl13>i?ZXhfoWWcWKrGz@?t
zF~$+<c>5i%gAxw<@DW-A?B7BZaL>Sb%E26|@m{+<B4V5jJfBY5x5)rl1P-Io?X(H!
z3Gnv8VfT1X{q56<>|*Qi;OqUvlb45IKU<8WK@3L$lFW=L6b){zm{CD}8hY+vtz}<O
zt=ie{WnEG}8+n4{d`ISeSH!Z1n(C~kSvgXxVc@urtbu}qL8gj0KkdG`-t<RJ`F(Sl
zov?bcSM7~Og0Un7<Bl)qq*a7sEXIxl!|JDdjy7qCm$w2btJgYCE6(S055k?%u#6oh
zv6vMrOQeUt2T?kO$COt>wG}JIxuo|wKX+ciUqV?*{-Zb%<MlPbh5BD9|7Yj0v&;Xv
zm9nWBxghzenbTL*`w0uH#63Nk3b2f*_wF<iV;vN8eQ~cfN5b2R9LOLb41Dq9)dlZ0
zS}seipwEcmNa*`HJ%kfM8_GrNG@4!eGzMez|5VI%sr4W8_!HWH_KyyW`CmGnUH-4_
zl*0PenGrlTz`hsr_&n3v+$F4D%VkU%`9tXvndW9z@)Zr?A4Em%+h8TfJYI6qG8%$0
z&ES}P$7mAI!Lwn_G*|kRdUdRLGWZRAVI)Wm>^kR|?AU#@Q+1IME=k4hkWWj)t(17C
zW7;LQk$Eequk^dsu*kVPNWg)0QdMmb;0+|Twt=aTa41nsV^c5>Tq+kb1xb7QZiQf0
z!&&T3JEUwtf&ilH8TUnKy7%Py6ZwwonQBCQ<*%J{ik;y59y&fcI&l5wCM3#ki^!4d
zp*IN^S4nir6{UYq2!r4iqp`cK>xNHXzit@E+#fll2S5cd#%I^o%wt(<v5b2wk0i=>
zgu`nRCHHxN3fO5RCmT=VI0UKS;V_$x4@V)#EvA*7V5?tBReD93o}`TG)I#c4dc@yC
z0lkavFbhsEFLXsYL%D!R{G>pig_um7P5N_l`TDZd{x6wp%cqfGG>k(W!Gq?1>l}58
z=Rf-=`@8#pTPfS$l-zk#VzzZ*C<LMXv}S4+*;Gz1Z+hsLX7ktbZe=dX<ael$aPh?-
zb}zsFrv&bnkNM)3Me_e~>HMdAbg<L^w^G(v|7T&s1+Wd-fSyj<T*P{#pWvA5ojwX;
zN+Q8id9)qUQT8Kd^nR9K@guYStCcVRxWmF9FVl9)yRz2QALcT$q_g3RAuw)uj?yOh
zL!qEMMVS~<CS{jAT%AYKROF%v5bgy;I!WXU)WmVjtC|QfOlZWx&@{8t=Q^9d=K>2D
zCLu4e*5!IRkPj<In$hStI?%0{KURaT2Q538)V{4sacrfx>)fXq2I!aObA{B({gGtN
z8OADUoDx;f=d~zj1lxrH`ws;0jhT8CZ4>~O4TM$TRISCpDq=}hLCdOT@yX^8qtFNu
zz`phbrD5e%hWi*8v2%Czp-jXWB4L)cVWCy+2zm<<1IZ0}<%;~o0>;w&{{{xYMgAY1
zPRahazsvu(o$|T%|J}y_FdM%)r2fl@0JZ&nU}2!To$ZJPg~13Q1UoKU78`2Y+zAj5
zEkLX~=wFI}u`7?dEG_>H^kLpQX5fYXAIGKmzxyXU|NpI&HSNEfAMHLOGw>FVj&r@v
z&X8+QkUxc=bB^J!y8b_b{kPjWD#d?1I^NlTw^BCK|2Ad=pKbNJO6<Hllu~Z$(<q$v
zC+Th8H4WW)|KoLT1X=IuN5D6B<=>+$$^WHt_Nn}TyC=t``(KB<^S|ws2loG+fAeb(
zopMBn=v@rawFHC?y`vW>0tk?x>Sj)>6%Z~zXvx-aOj=VMl0flrbT@_wk%$YdqTr$_
z!RUJkCuP^VDtuG%H4&Q`F1K`<?BQ>ZX{eQ#)IRBbvM=URkgx+LfK5nbJoy+v<g;0<
zT{=mmZ&RHIBe=<`*(jq|#`#-9qdn(Fu-T(Ecy*O{nQJ^7hzU!%j4#FijYayC-Ty7+
zf9#wb?9P9-Qi_~2Ws`QgegTZK?$+%_v61YYAArF5O6pBCa^qyRRuBK>MvSVsNJ)n3
z%Iec4?(aQYR7-{J#925a1HZPu%YV`+;czd2ML29FEUddFs2f5bKla+~x%UV^e8^%f
zH>>I~N=4n3<WGZAullW_#fJ}17bE<v@`hyH@K#0uQ**8=u=@NRuj)g0nJnIo=KvM6
z*lv$12SHu*vSRIAx6^RX>tC|AvC4!Wmo{!UVso)+6&&B(UcNcgfotmm^k-9lg`m;3
z;i8vsHy1IwOuc-TiuF=b99H(r4U-iFL<gGd+rd<V*Afy}-KVa&RVkl*?(Od{UsjR-
zOsK|{#lS`9KL_2S{=a|F*`5Dvr7V*FtV!|Fi-9|CvQ}AY{TmYuw2bYg<+ES~F0k<Y
z=j5Q6|9^M>yQQ*c<bjbuPeX{%(~#2JBu3472SH8Lbk0wjQY3CRpFKkz)KXSH3G=HV
zO`-txzCi);h4X@gurI3|b<(V{?TUP{O?|7<fo4+N)M<K7&CKLvT7N3&wUFSYgsJQO
zUj+nnRRl}imZcO^_e*2-RsRM03hoIPT++e7%whBteow2YuH`VXH#t%B%KmkB^@=0R
z08I$zl5XfyaZ_s+MPdxdr%b1N4J7JkSFdyuNi={VW#C#+#h7sY(o@5@uzSvr&pmZ_
z<pIi4{QnLHEvewPQcv2IWWYu8-*KnN|MyRhclSTHQkF>xP$?gtrPrp*qG2%!z*Yo6
zi-JxZ&_jPJKzAex=$-ek^MCZO-o3l|=1KeZYu@(t?!{e`kO_U^V<AHDOpObvskU)U
z+S6`3^W|>Wb;GJkysd(YDa?B+A(eJ3*Guck|9&*lu`1WUVAv<osC}k3h7BUW=(1@2
zpL9C;_1`@{-mU-bl!EQt#{!3RWLE*9?Xiko;lwN~SE0OzLJ}qS&Ra9D<ZB<8AVUH{
z51FUc^&BptW@Aeym8-7I^x`vycRP#C#4U0x9LMR;u8IfQ2!Q*H#QK2m6#bqM{}#!q
zAkaTCjDVpV4a-VP`UE=RT519$)gThJXap#L3H2HX-AG}Ia20beW;94t+Hv%If<x7R
z4_(0!7!ouMgL!v%=l!PIGpNhHp&?}`0D(!!y@oM*nx0K_{pfDYJm#+dspgEEGJr+;
zUn%}m_oREUi~qZo5;Hm_0k9s@)3D*|l#wR?QL~ZD7Jxo{Y!s3(C{uG*;g?^F6>fk{
z%9Z4-erIG1)sD3q<sLTlrffKq2u(UZ%@|(k1DPw6Kh)&A4eZnO;>`ysT$HkbUJTz-
zamj$|5Z$FTsuD?rF!RSI-1j6nKJ1}=jljXn&b|E+$NuqQ2>PdK{%w(JNckjcP+4Ft
z8zrcriQm)dt4*rYl&!TVgfYq>XysT%D`P<ogajU?%nhMEmGS>tP=-fvGmAkdWJ5lV
z&;U?#0u#z+O?AfD9N=ICtf|<J!`2i@8mI`VhjjhoRTCX}2zZvU&5x5F>UJatuMCjW
z(;4L;PYXp~-CPeHeMcJUPbcrL8fxtO!1)_0C(9M!;9ragc!O04A>BcZ$pqi`CC%hy
zIFgIA@dt@-NhII?o&cL^M~s(;-EPCkZ@t2?vK~U`m`8n=9*G%i$i=0UKh3G62HHJ7
z{`&Y48z$%S|4akyr#Vza{J{DDJ4faCpWU7R-<HaU5AEk^b|VuDSqdikFwg<@dE2Lv
z53%6wd;((3IT=N*m<BDmSG3Xdw(&L!U`QfBO*ik6@vkVSLQ12SC5%L)Ykv$u5|U_i
zF^XvV`1~IHM9FMrEzt#eRRhcks2npXi#=3>mvzugi;lWiOPYG5D^vH#ebtS(hJ`;q
zzmFMko=<phGVLixmi(~F-7S}A3>a1$)`gphQcHooT#_VX;Jk&|3-r|#hp6{WQIVFw
zQB@ANkw8z?H-91$iD#&jucZPDO2}0S@@un6RXqC2rIs>88xM{Gq7_?qS|tafRcN4!
z2>C{Hi7C}6*uE7Kye&m|OB+qQ5^bt|{c5M%oGF{0)UP<qiw3xb?tqNO+5;l1k##~Z
zN{D<X@ACF0_MEv_7xTQ1&;=RTb(MBz*E~_Wu2M;yHtsbQnb8Wiy}7NKes0W#3ymzn
zh^xJ$RwckgF!Vx0i+Fndnp<*KEM)l35+qRo_b<>_M8L#dh06?TOPf}UIp3C8T5>hW
z7QHzvE3IQ6RWf~DMX$Jgh4Ly?%zKJMb!x`rkO<U#(VPRqrITb-iV-US6+6px>3yZ*
zp`bAh>1g&tjylfM`4eN_Y*@sP*O?BbwUSK<C)=Z}mC?UuuFRV)OU#!QX3P?ErfSx#
zF>jWhISb}a&Frasyz~r0>1NsObmq*d&E)@O^}jKMQioqh{afPxSGTDD?H}*rzi*|u
z3`v{S`bHk^Gh<lOUIEpC;>{sIr9m$JEM_DUL)82`Z#UNh0M_S2{%B_SSg!>4?}pT9
z8|U{ijsj(<SNW9bP&-Db1Fc3$L$$_t?Y7p+-fDe8pM$-XfKtW4F;${Jkzh&WqvHeh
zCz)I)!y&mx%~ly#jo+Dyy@GJs#xM!PS$0%_a2zYly~e*lLs#{MY(w^fqXGC>rQ4zt
zKtH77ukP=VKp1F8k&sM?&=>5Kx5v}LOwr=i+iO{uL?gsw@Sk~&iy<<{DjJASBY{a|
z97OapBG4TPLo@)CaET{JSRrq)ttD;d6<9HwipJlxPHlyyNbXLXuN3;O7Px3s9XwM?
zXeha(-wfB>)0Gj-R!Qscyjg&z+g)Xz)%{&q|4Z_J$JcxH)1XE6zx|_5(f^~<+1>xz
zN~y|XTFPKL-}$$^!q@iu#c`aw9br$WtV}cpMua*TZ~+=u<xGcFkIRj^*Ix2BDwJsZ
z+CgLyDt2X<&mH=tBD5o%F6!3OU0c{a(_ZmHoGhFK;A56Xr)!hwH}FM17a-ENRwf|E
zkm%HbKEpBOau${=>1!>`?&1FN%Vv?e>q9H8n&j>^efUtkQc_*@PvqtsFUZt(KxHv(
z8dy$~)ic%{Z)UQ&I^OD`ro_UG<{S~o)3??Nh-Qa%g&Sn%y}%>%@nf^ts(TJu_CP9B
z$?FslO^d2B86x<-*mCjsFFoWdXvCU0|2Td1-T77j{PO$rH|JNUugj`dd75NjUtgZS
z?O)%#yE^^uynpla<$2}j27&t4UtL_CpWVE>`nmtp>FXb>fwVQ0wp?vXf%@V6=edAx
zVb)w^1+c)+-o1XU!1n*=;_`=!xBc&LZZ7+m@2+ktn|OKH?N;IV=KPJs?9J)_+rPOw
zJv+ay{JK1u^pU2Qon{uMmWBV{Kb~Lx-2cbv^?CpD^yd32=#qVB3)DICM;|}BGqU`~
zT)9K-YIdfo6zLa|DMY~eC8Gn#tL$ST;_pD@A0m@>vt4|uPgEt7ao#Y%0eNWf8?Gyz
zVCD@?B2lnW*g=vLxX}JYR@Z(PW_A{No$YXX>R!!h(+YE$Y*s7fuibs*N~V=x=MPP;
z<^pjs$2rsVoTD`D+G&6tX8`7zYHPl!)>$i(o9Py80M|1;>$8DlPD&(`k1zL1B~n7&
zj<M6Em&eWJsdBd0T9FBr%{*&PLnp^kY2MXr&{aMf9u%om=gi^EP+vaKz1E(5x`kFe
z^&7?8+_KoDOUljSQ&_onrLHWg|80~3a)JJLaCB4=|7oZHZKW*DA~(Mz`bFu9pENG&
z7e$GO4v$*X`IQoCE&=b;BsTl9MsCBTp0%BQG`T##sNvY94E=XW8JbHH>ZAqz0@Hvl
zEB{UXPnZAyxOD#8IqdGvf45TBR0R#YuAJ`$NwLhqOFH30^Xt^eU%EF?wyG8D=$5jp
z1*W-H#iv=Nifyrc9U{Hd@ZrN!<Tmv`ts=bS`rjx5<bw6Te^QSBzQ4==zn!vT>_>YI
zaoH7H8JcmPSFxRFl_Bt~>vXTq4LWCa{5;ZKDMp^{Q5G04jfIz)<tpk&xg)*Gz;Uvg
zd)>%&q%KCD%Lkp+*OH3Ip!29C<@Y^%H<nC{u*H=t$^WS9ROs~b!b3My$zl>4euv|j
zL?c8Kq3W60g9g~Yg(!G|?vxh^!gj_fY6J$Jw`yQgeXDD&-J}5EAt%IxjJC$iOK+<=
z9;wx#gsVSTZMat?zuC}z8tO(Kxf)i!xtESqtENXS6JF9iEBd-oT3hMU;wr3#J7Te)
zhkMkif@_`@;VwU{CH_Bm|M$iaPKa`!-(-(jB>x{B92M_>cXs>#cFG>Q#6s>M90`i_
zSnD|ZgM@@CepHP8TRZ~pHTHCf1H<1r;$sLyGz#fJd(e<*^g=E^EXWkpDXa4wM?qr`
zMKIEl6rRQmhU6XsbVtM({jX;pdKZN=L?iX3L`mw?C?pYh4e!-;|5{K6jXiWmCleZ>
zpU$pPKp1a$BO==BzZ(69H~53K)qm}S@u)5TV}J5#)Xo6O-6)CCkc7Y+&pmz@H=cU~
zeA{^LiHZE1GBRpB|Nk3%=qJnwO*p!Eb<P`}Np9HiNC3F4t26pr!<%xS2GITz4z1>{
z|Eu%US8vX}Nw8TP3-$kQw;2Crf2aR%r&y7$(Ktm{dM?;tahOAZXrv@JBlkJc0d&Na
zTyPYs!l`(gNoXL-S6CT5(Tpa_2bsxzA4h>rzlj3E1tWt*K!7I1XVk_}@*0i*LeHPS
zr2=}-pQD>GNTi7GqG1J67mvF!@y9k0OXgBNq|6D+;-McosJ{J@5BT!y(|N&Jo}qyH
ziLx`Qwgg21=xh;S8+LJ#y;ej}NlqjRGn%+~s26+}yL4A}WmmRd{!ah^0RR8DN7vZ^
GP67aA^)i<L

literal 0
HcmV?d00001

diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/Chart.yaml
new file mode 100644
index 000000000..3ae4ee4aa
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Istio
+  catalog.cattle.io/namespace: istio-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
+  catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0'
+  catalog.cattle.io/release-name: rancher-istio
+  catalog.cattle.io/requests-cpu: 710m
+  catalog.cattle.io/requests-memory: 2314Mi
+  catalog.cattle.io/type: cluster-tool
+  catalog.cattle.io/ui-component: istio
+apiVersion: v1
+appVersion: 1.10.4
+description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
+  for details.
+icon: https://charts.rancher.io/assets/logos/istio.svg
+keywords:
+- networking
+- infrastructure
+name: rancher-istio
+version: 100.0.3+up1.10.4
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/README.md b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/README.md
new file mode 100644
index 000000000..c93a4a7c8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/README.md
@@ -0,0 +1,80 @@
+# Rancher-Istio Chart
+
+Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization.
+
+See the app-readme for known issues and deprecations.
+
+## Installation Requirements
+
+#### Chart Dependencies
+- rancher-kiali-server-crd chart
+- rancher-monitoring chart or other Prometheus installation
+
+#### Install
+To install the rancher-istio chart with helm, use the following command:
+```
+helm install rancher-istio <location/of/the/rancher-istio/chart> --create-namespace -n istio-system
+```
+
+#### Uninstall
+To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal.
+
+**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:**
+`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind   "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"`
+
+## Addons
+The addons that are included with rancher-istio are:
+
+- Kiali
+- Jaeger
+
+Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon.
+### Kiali Addon
+
+Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard.
+
+####  Kiali Dependencies
+##### rancher-monitoring chart or other Prometheus installation
+
+This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation.
+
+####  Prometheus Configuration for Kiali
+> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding.
+
+The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces.
+
+To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. 
+
+1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape.
+1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces.
+
+####  Kiali External Services
+
+The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing.
+
+##### Prometheus
+The `kiali.external_services.prometheus` url is set in the values.yaml:
+```
+http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
+```
+The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance.
+
+##### Grafana
+The `kiali.external_services.grafana` url is set in the values.yaml:
+```
+http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }}
+```
+The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance.
+
+##### Tracing
+The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml:
+```
+http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }}
+```
+The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance.
+
+## Jaeger Addon
+
+Jaeger allows you to trace and monitor distributed microservices.
+
+> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs.
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/app-readme.md b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/app-readme.md
new file mode 100644
index 000000000..49b823253
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/app-readme.md
@@ -0,0 +1,35 @@
+# Rancher Istio
+
+Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes:
+* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh
+* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead.
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/).
+## Known Issues
+
+#### Airgapped Environments
+If you are using this chart in an airgapped environment, you will not be able to upgrade. This is because the `istioctl` upgrade command reaches out to an external repo and it is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402)
+
+## Deprecations
+
+#### v1alpha1 security policies
+As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/
+
+If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version.
+
+> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to:
+```
+Error: found 6 CRD of unsupported v1alpha1 security policy
+```
+```
+ Error: found 1 unsupported v1alpha1 security policy
+ ```
+ ```
+ Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x
+ ```
+ Continue with the migration steps below before retrying the upgrade process.
+
+##### Migrating Resources:
+Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post").
+
+You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps.
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/Chart.yaml
new file mode 100644
index 000000000..2393605a8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/Chart.yaml
@@ -0,0 +1,31 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-kiali-server-crd=match
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1
+  catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1
+  catalog.rancher.io/namespace: cattle-istio-system
+  catalog.rancher.io/release-name: rancher-kiali-server
+apiVersion: v2
+appVersion: v1.35.0
+description: Kiali is an open source project for service mesh observability, refer
+  to https://www.kiali.io for details. This is installed as sub-chart with customized
+  values in Rancher's Istio.
+home: https://github.com/kiali/kiali
+icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
+keywords:
+- istio
+- kiali
+- networking
+- infrastructure
+maintainers:
+- email: kiali-users@googlegroups.com
+  name: Kiali
+  url: https://kiali.io
+name: kiali
+sources:
+- https://github.com/kiali/kiali
+- https://github.com/kiali/kiali-ui
+- https://github.com/kiali/kiali-operator
+- https://github.com/kiali/helm-charts
+version: 1.35.0
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/NOTES.txt b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/NOTES.txt
new file mode 100644
index 000000000..751019401
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/NOTES.txt
@@ -0,0 +1,5 @@
+Welcome to Kiali! For more details on Kiali, see: https://kiali.io
+
+The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
+
+(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/_helpers.tpl
new file mode 100644
index 000000000..5480bdbb8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/_helpers.tpl
@@ -0,0 +1,193 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create a default fully qualified instance name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride.
+For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali,
+use fullnameOverride, otherwise use deployment.instance_name.
+*/}}
+{{- define "kiali-server.fullname" -}}
+{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }}
+  {{- .Values.fullnameOverride | trunc 63 }}
+{{- else }}
+  {{- .Values.deployment.instance_name | trunc 63 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kiali-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Identifies the log_level with the old verbose_mode and the new log_level considered.
+*/}}
+{{- define "kiali-server.logLevel" -}}
+{{- if .Values.deployment.verbose_mode -}}
+{{- .Values.deployment.verbose_mode -}}
+{{- else -}}
+{{- .Values.deployment.logger.log_level -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kiali-server.labels" -}}
+helm.sh/chart: {{ include "kiali-server.chart" . }}
+app: kiali
+{{ include "kiali-server.selectorLabels" . }}
+version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: "kiali"
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kiali-server.selectorLabels" -}}
+{{- $releaseName := .Release.Name -}}
+{{- $fullName := include "kiali-server.fullname" . -}}
+{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}}
+app.kubernetes.io/name: kiali
+{{- if (and .Release.IsUpgrade $deployment)}}
+app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }}
+{{- else }}
+app.kubernetes.io/instance: {{ $fullName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Used to determine if a custom dashboard (defined in .Template.Name) should be deployed.
+*/}}
+{{- define "kiali-server.isDashboardEnabled" -}}
+{{- if .Values.external_services.custom_dashboards.enabled }}
+  {{- $includere := "" }}
+  {{- range $_, $s := .Values.deployment.custom_dashboards.includes }}
+    {{- if $s }}
+      {{- if $includere }}
+        {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }}
+      {{- else }}
+        {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- $excludere := "" }}
+  {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }}
+    {{- if $s }}
+      {{- if $excludere }}
+        {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }}
+      {{- else }}
+        {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }}
+    {{- print "enabled" }}
+  {{- else }}
+    {{- print "" }}
+  {{- end }}
+{{- else }}
+  {{- print "" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default login token signing key.
+*/}}
+{{- define "kiali-server.login_token.signing_key" -}}
+{{- if .Values.login_token.signing_key }}
+  {{- .Values.login_token.signing_key }}
+{{- else }}
+  {{- randAlphaNum 16 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default web root.
+*/}}
+{{- define "kiali-server.server.web_root" -}}
+{{- if .Values.server.web_root  }}
+  {{- .Values.server.web_root | trimSuffix "/" }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/" }}
+  {{- else }}
+    {{- "/kiali" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default identity cert file. There is no default if on k8s; only on OpenShift.
+*/}}
+{{- define "kiali-server.identity.cert_file" -}}
+{{- if hasKey .Values.identity "cert_file" }}
+  {{- .Values.identity.cert_file }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/kiali-cert/tls.crt" }}
+  {{- else }}
+    {{- "" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the default identity private key file. There is no default if on k8s; only on OpenShift.
+*/}}
+{{- define "kiali-server.identity.private_key_file" -}}
+{{- if hasKey .Values.identity "private_key_file" }}
+  {{- .Values.identity.private_key_file }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- "/kiali-cert/tls.key" }}
+  {{- else }}
+    {{- "" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the istio namespace - default is where Kiali is installed.
+*/}}
+{{- define "kiali-server.istio_namespace" -}}
+{{- if .Values.istio_namespace }}
+  {{- .Values.istio_namespace }}
+{{- else }}
+  {{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift.
+*/}}
+{{- define "kiali-server.auth.strategy" -}}
+{{- if .Values.auth.strategy }}
+  {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }}
+    {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }}
+  {{- end }}
+  {{- .Values.auth.strategy }}
+{{- else }}
+  {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    {{- if not .Values.kiali_route_url }}
+      {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }}
+    {{- end }}
+    {{- "openshift" }}
+  {{- else }}
+    {{- "token" }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/cabundle.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/cabundle.yaml
new file mode 100644
index 000000000..7462b95a7
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/cabundle.yaml
@@ -0,0 +1,13 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-cabundle
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+  annotations:
+    service.beta.openshift.io/inject-cabundle: "true"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/configmap.yaml
new file mode 100644
index 000000000..f4bfa09a1
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/configmap.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
+    {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
+    {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
+    {{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
+    {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
+    {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
+    {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
+    {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
+    {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }}
+    {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
+    {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
+    {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
+    {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
+    {{- toYaml $cm | nindent 4 }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
new file mode 100644
index 000000000..e642a3385
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
@@ -0,0 +1,56 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: envoy
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: Envoy Metrics
+  discoverOn: "envoy_server_uptime"
+  items:
+  - chart:
+      name: "Pods uptime"
+      spans: 4
+      metricName: "envoy_server_uptime"
+      dataType: "raw"
+  - chart:
+      name: "Allocated memory"
+      unit: "bytes"
+      spans: 4
+      metricName: "envoy_server_memory_allocated"
+      dataType: "raw"
+      min: 0
+  - chart:
+      name: "Heap size"
+      unit: "bytes"
+      spans: 4
+      metricName: "envoy_server_memory_heap_size"
+      dataType: "raw"
+      min: 0
+  - chart:
+      name: "Upstream active connections"
+      spans: 6
+      metricName: "envoy_cluster_upstream_cx_active"
+      dataType: "raw"
+  - chart:
+      name: "Upstream total requests"
+      spans: 6
+      metricName: "envoy_cluster_upstream_rq_total"
+      unit: "rps"
+      dataType: "rate"
+  - chart:
+      name: "Downstream active connections"
+      spans: 6
+      metricName: "envoy_listener_downstream_cx_active"
+      dataType: "raw"
+  - chart:
+      name: "Downstream HTTP requests"
+      spans: 6
+      metricName: "envoy_listener_http_downstream_rq"
+      unit: "rps"
+      dataType: "rate"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/go.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/go.yaml
new file mode 100644
index 000000000..fdead4c60
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/go.yaml
@@ -0,0 +1,67 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: go
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: Go Metrics
+  runtime: Go
+  discoverOn: "go_info"
+  items:
+  - chart:
+      name: "CPU ratio"
+      spans: 6
+      metricName: "process_cpu_seconds_total"
+      dataType: "rate"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+  - chart:
+      name: "RSS Memory"
+      unit: "bytes"
+      spans: 6
+      metricName: "process_resident_memory_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+  - chart:
+      name: "Goroutines"
+      spans: 6
+      metricName: "go_goroutines"
+      dataType: "raw"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+  - chart:
+      name: "Heap allocation rate"
+      unit: "bytes/s"
+      spans: 6
+      metricName: "go_memstats_alloc_bytes_total"
+      dataType: "rate"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+  - chart:
+      name: "GC rate"
+      spans: 6
+      metricName: "go_gc_duration_seconds_count"
+      dataType: "rate"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+  - chart:
+      name: "Next GC"
+      unit: "bytes"
+      spans: 6
+      metricName: "go_memstats_next_gc_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "pod_name"
+        displayName: "Pod"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml
new file mode 100644
index 000000000..5ecac7ff8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml
@@ -0,0 +1,44 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: kiali
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: Kiali Internal Metrics
+  items:
+  - chart:
+      name: "API processing duration"
+      unit: "seconds"
+      spans: 6
+      metricName: "kiali_api_processing_duration_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "route"
+        displayName: "Route"
+  - chart:
+      name: "Functions processing duration"
+      unit: "seconds"
+      spans: 6
+      metricName: "kiali_go_function_processing_duration_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "function"
+        displayName: "Function"
+      - label: "package"
+        displayName: "Package"
+  - chart:
+      name: "Failures"
+      spans: 12
+      metricName: "kiali_go_function_failures_total"
+      dataType: "raw"
+      aggregations:
+      - label: "function"
+        displayName: "Function"
+      - label: "package"
+        displayName: "Package"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml
new file mode 100644
index 000000000..50fce7056
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml
@@ -0,0 +1,43 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: micrometer-1.0.6-jvm-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: JVM
+  title: JVM Pool Metrics
+  discoverOn: "jvm_buffer_total_capacity_bytes"
+  items:
+  - chart:
+      name: "Pool buffer memory used"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_buffer_memory_used_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "id"
+        displayName: "Pool"
+  - chart:
+      name: "Pool buffer capacity"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_buffer_total_capacity_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "id"
+        displayName: "Pool"
+  - chart:
+      name: "Pool buffer count"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_buffer_count"
+      dataType: "raw"
+      aggregations:
+      - label: "id"
+        displayName: "Pool"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml
new file mode 100644
index 000000000..84810095c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml
@@ -0,0 +1,65 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: micrometer-1.0.6-jvm
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: JVM
+  title: JVM Metrics
+  discoverOn: "jvm_threads_live"
+  items:
+  - chart:
+      name: "Total live threads"
+      spans: 4
+      metricName: "jvm_threads_live"
+      dataType: "raw"
+  - chart:
+      name: "Daemon threads"
+      spans: 4
+      metricName: "jvm_threads_daemon"
+      dataType: "raw"
+  - chart:
+      name: "Loaded classes"
+      spans: 4
+      metricName: "jvm_classes_loaded"
+      dataType: "raw"
+
+  - chart:
+      name: "Memory used"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_used_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+  - chart:
+      name: "Memory commited"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_committed_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+  - chart:
+      name: "Memory max"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_max_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml
new file mode 100644
index 000000000..a28c4026c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml
@@ -0,0 +1,68 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: micrometer-1.1-jvm
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: JVM
+  title: JVM Metrics
+  discoverOn: "jvm_threads_live_threads"
+  items:
+  - chart:
+      name: "Memory used"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_used_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+  - chart:
+      name: "Memory commited"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_committed_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+  - chart:
+      name: "Memory max"
+      unit: "bytes"
+      spans: 4
+      metricName: "jvm_memory_max_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "area"
+        displayName: "Area"
+      - label: "id"
+        displayName: "Space"
+
+  - chart:
+      name: "Total live threads"
+      spans: 4
+      metricName: "jvm_threads_live_threads"
+      dataType: "raw"
+  - chart:
+      name: "Daemon threads"
+      spans: 4
+      metricName: "jvm_threads_daemon_threads"
+      dataType: "raw"
+  - chart:
+      name: "Threads states"
+      spans: 4
+      metricName: "jvm_threads_states_threads"
+      dataType: "raw"
+      aggregations:
+      - label: "state"
+        displayName: "State"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml
new file mode 100644
index 000000000..00e2415da
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml
@@ -0,0 +1,59 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: microprofile-1.1
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: MicroProfile Metrics
+  runtime: MicroProfile
+  discoverOn: "base:thread_count"
+  items:
+  - chart:
+      name: "Current loaded classes"
+      spans: 6
+      metricName: "base:classloader_current_loaded_class_count"
+      dataType: "raw"
+  - chart:
+      name: "Unloaded classes"
+      spans: 6
+      metricName: "base:classloader_total_unloaded_class_count"
+      dataType: "raw"
+  - chart:
+      name: "Thread count"
+      spans: 4
+      metricName: "base:thread_count"
+      dataType: "raw"
+  - chart:
+      name: "Thread max count"
+      spans: 4
+      metricName: "base:thread_max_count"
+      dataType: "raw"
+  - chart:
+      name: "Thread daemon count"
+      spans: 4
+      metricName: "base:thread_daemon_count"
+      dataType: "raw"
+  - chart:
+      name: "Committed heap"
+      unit: "bytes"
+      spans: 4
+      metricName: "base:memory_committed_heap_bytes"
+      dataType: "raw"
+  - chart:
+      name: "Max heap"
+      unit: "bytes"
+      spans: 4
+      metricName: "base:memory_max_heap_bytes"
+      dataType: "raw"
+  - chart:
+      name: "Used heap"
+      unit: "bytes"
+      spans: 4
+      metricName: "base:memory_used_heap_bytes"
+      dataType: "raw"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml
new file mode 100644
index 000000000..585175330
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: microprofile-x.y
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: MicroProfile Metrics
+  runtime: MicroProfile
+  discoverOn: "base:gc_complete_scavenger_count"
+  items:
+  - chart:
+      name: "Young GC time"
+      unit: "seconds"
+      spans: 3
+      metricName: "base:gc_young_generation_scavenger_time_seconds"
+      dataType: "raw"
+  - chart:
+      name: "Young GC count"
+      spans: 3
+      metricName: "base:gc_young_generation_scavenger_count"
+      dataType: "raw"
+  - chart:
+      name: "Total GC time"
+      unit: "seconds"
+      spans: 3
+      metricName: "base:gc_complete_scavenger_time_seconds"
+      dataType: "raw"
+  - chart:
+      name: "Total GC count"
+      spans: 3
+      metricName: "base:gc_complete_scavenger_count"
+      dataType: "raw"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml
new file mode 100644
index 000000000..7676a7c3c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml
@@ -0,0 +1,59 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: nodejs
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Node.js
+  title: Node.js Metrics
+  discoverOn: "nodejs_active_handles_total"
+  items:
+  - chart:
+      name: "Active handles"
+      spans: 4
+      metricName: "nodejs_active_handles_total"
+      dataType: "raw"
+  - chart:
+      name: "Active requests"
+      spans: 4
+      metricName: "nodejs_active_requests_total"
+      dataType: "raw"
+  - chart:
+      name: "Event loop lag"
+      unit: "seconds"
+      spans: 4
+      metricName: "nodejs_eventloop_lag_seconds"
+      dataType: "raw"
+  - chart:
+      name: "Total heap size"
+      unit: "bytes"
+      spans: 12
+      metricName: "nodejs_heap_space_size_total_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "space"
+        displayName: "Space"
+  - chart:
+      name: "Used heap size"
+      unit: "bytes"
+      spans: 6
+      metricName: "nodejs_heap_space_size_used_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "space"
+        displayName: "Space"
+  - chart:
+      name: "Available heap size"
+      unit: "bytes"
+      spans: 6
+      metricName: "nodejs_heap_space_size_available_bytes"
+      dataType: "raw"
+      aggregations:
+      - label: "space"
+        displayName: "Space"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml
new file mode 100644
index 000000000..a4f303751
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: quarkus
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  title: Quarkus Metrics
+  runtime: Quarkus
+  items:
+  - chart:
+      name: "Thread count"
+      spans: 4
+      metricName: "vendor:thread_count"
+      dataType: "raw"
+  - chart:
+      name: "Used heap"
+      unit: "bytes"
+      spans: 4
+      metricName: "vendor:memory_heap_usage_bytes"
+      dataType: "raw"
+  - chart:
+      name: "Used non-heap"
+      unit: "bytes"
+      spans: 4
+      metricName: "vendor:memory_non_heap_usage_bytes"
+      dataType: "raw"
+  - include: "microprofile-x.y"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml
new file mode 100644
index 000000000..3aa7d66e3
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: springboot-jvm-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Spring Boot
+  title: JVM Pool Metrics
+  items:
+  - include: "micrometer-1.0.6-jvm-pool"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml
new file mode 100644
index 000000000..22ea15533
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: springboot-jvm
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Spring Boot
+  title: JVM Metrics
+  items:
+  - include: "micrometer-1.0.6-jvm"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml
new file mode 100644
index 000000000..7020ddccb
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: springboot-tomcat
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Spring Boot
+  title: Tomcat Metrics
+  items:
+  - include: "tomcat"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml
new file mode 100644
index 000000000..0e94c50ef
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: thorntail
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Thorntail
+  title: Thorntail Metrics
+  discoverOn: "vendor:loaded_modules"
+  items:
+  - include: "microprofile-1.1"
+  - chart:
+      name: "Loaded modules"
+      spans: 6
+      metricName: "vendor:loaded_modules"
+      dataType: "raw"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml
new file mode 100644
index 000000000..29467e9f6
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml
@@ -0,0 +1,67 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: tomcat
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Tomcat
+  title: Tomcat Metrics
+  discoverOn: "tomcat_sessions_created_total"
+  items:
+  - chart:
+      name: "Sessions created"
+      spans: 4
+      metricName: "tomcat_sessions_created_total"
+      dataType: "raw"
+  - chart:
+      name: "Active sessions"
+      spans: 4
+      metricName: "tomcat_sessions_active_current"
+      dataType: "raw"
+  - chart:
+      name: "Sessions rejected"
+      spans: 4
+      metricName: "tomcat_sessions_rejected_total"
+      dataType: "raw"
+
+  - chart:
+      name: "Bytes sent"
+      unit: "bitrate"
+      spans: 6
+      metricName: "tomcat_global_sent_bytes_total"
+      dataType: "rate"
+      aggregations:
+      - label: "name"
+        displayName: "Name"
+  - chart:
+      name: "Bytes received"
+      unit: "bitrate"
+      spans: 6
+      metricName: "tomcat_global_received_bytes_total"
+      dataType: "rate"
+      aggregations:
+      - label: "name"
+        displayName: "Name"
+
+  - chart:
+      name: "Global errors"
+      spans: 6
+      metricName: "tomcat_global_error_total"
+      dataType: "raw"
+      aggregations:
+      - label: "name"
+        displayName: "Name"
+  - chart:
+      name: "Servlet errors"
+      spans: 6
+      metricName: "tomcat_servlet_error_total"
+      dataType: "raw"
+      aggregations:
+      - label: "name"
+        displayName: "Name"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml
new file mode 100644
index 000000000..9409adf63
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml
@@ -0,0 +1,60 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: vertx-client
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Vert.x
+  title: Vert.x Client Metrics
+  discoverOn: "vertx_http_client_connections"
+  items:
+  - chart:
+      name: "Client response time"
+      unit: "seconds"
+      spans: 6
+      metricName: "vertx_http_client_responseTime_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "path"
+        displayName: "Path"
+      - label: "method"
+        displayName: "Method"
+  - chart:
+      name: "Client request count rate"
+      unit: "ops"
+      spans: 6
+      metricName: "vertx_http_client_requestCount_total"
+      dataType: "rate"
+      aggregations:
+      - label: "path"
+        displayName: "Path"
+      - label: "method"
+        displayName: "Method"
+  - chart:
+      name: "Client active connections"
+      spans: 6
+      metricName: "vertx_http_client_connections"
+      dataType: "raw"
+  - chart:
+      name: "Client active websockets"
+      spans: 6
+      metricName: "vertx_http_client_wsConnections"
+      dataType: "raw"
+  - chart:
+      name: "Client bytes sent"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_http_client_bytesSent"
+      dataType: "histogram"
+  - chart:
+      name: "Client bytes received"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_http_client_bytesReceived"
+      dataType: "histogram"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml
new file mode 100644
index 000000000..384e7b107
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml
@@ -0,0 +1,59 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: vertx-eventbus
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Vert.x
+  title: Vert.x Eventbus Metrics
+  discoverOn: "vertx_eventbus_handlers"
+  items:
+  - chart:
+      name: "Event bus handlers"
+      spans: 6
+      metricName: "vertx_eventbus_handlers"
+      dataType: "raw"
+      aggregations:
+      - label: "address"
+        displayName: "Eventbus address"
+  - chart:
+      name: "Event bus pending messages"
+      spans: 6
+      metricName: "vertx_eventbus_pending"
+      dataType: "raw"
+      aggregations:
+      - label: "address"
+        displayName: "Eventbus address"
+  - chart:
+      name: "Event bus processing time"
+      unit: "seconds"
+      spans: 6
+      metricName: "vertx_eventbus_processingTime_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "address"
+        displayName: "Eventbus address"
+  - chart:
+      name: "Event bus bytes read"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_eventbus_bytesRead"
+      dataType: "histogram"
+      aggregations:
+      - label: "address"
+        displayName: "Eventbus address"
+  - chart:
+      name: "Event bus bytes written"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_eventbus_bytesWritten"
+      dataType: "histogram"
+      aggregations:
+      - label: "address"
+        displayName: "Eventbus address"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml
new file mode 100644
index 000000000..8439ce6e4
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: vertx-jvm
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Vert.x
+  title: JVM Metrics
+  items:
+  - include: "micrometer-1.1-jvm"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml
new file mode 100644
index 000000000..8334d47a8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml
@@ -0,0 +1,68 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: vertx-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Vert.x
+  title: Vert.x Pools Metrics
+  discoverOn: "vertx_pool_ratio"
+  items:
+  - chart:
+      name: "Usage duration"
+      unit: "seconds"
+      spans: 6
+      metricName: "vertx_pool_usage_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "pool_name"
+        displayName: "Name"
+      - label: "pool_type"
+        displayName: "Type"
+  - chart:
+      name: "Usage ratio"
+      spans: 6
+      metricName: "vertx_pool_ratio"
+      dataType: "raw"
+      aggregations:
+      - label: "pool_name"
+        displayName: "Name"
+      - label: "pool_type"
+        displayName: "Type"
+  - chart:
+      name: "Queue size"
+      spans: 6
+      metricName: "vertx_pool_queue_size"
+      dataType: "raw"
+      aggregations:
+      - label: "pool_name"
+        displayName: "Name"
+      - label: "pool_type"
+        displayName: "Type"
+  - chart:
+      name: "Time in queue"
+      unit: "seconds"
+      spans: 6
+      metricName: "vertx_pool_queue_delay_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "pool_name"
+        displayName: "Name"
+      - label: "pool_type"
+        displayName: "Type"
+  - chart:
+      name: "Resources used"
+      spans: 6
+      metricName: "vertx_pool_inUse"
+      dataType: "raw"
+      aggregations:
+      - label: "pool_name"
+        displayName: "Name"
+      - label: "pool_type"
+        displayName: "Type"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml
new file mode 100644
index 000000000..b88b270a8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml
@@ -0,0 +1,62 @@
+{{- if (include "kiali-server.isDashboardEnabled" .) }}
+---
+apiVersion: monitoring.kiali.io/v1alpha1
+kind: MonitoringDashboard
+metadata:
+  name: vertx-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  runtime: Vert.x
+  title: Vert.x Server Metrics
+  discoverOn: "vertx_http_server_connections"
+  items:
+  - chart:
+      name: "Server response time"
+      unit: "seconds"
+      spans: 6
+      metricName: "vertx_http_server_responseTime_seconds"
+      dataType: "histogram"
+      aggregations:
+      - label: "path"
+        displayName: "Path"
+      - label: "method"
+        displayName: "Method"
+  - chart:
+      name: "Server request count rate"
+      unit: "ops"
+      spans: 6
+      metricName: "vertx_http_server_requestCount_total"
+      dataType: "rate"
+      aggregations:
+      - label: "code"
+        displayName: "Error code"
+      - label: "path"
+        displayName: "Path"
+      - label: "method"
+        displayName: "Method"
+  - chart:
+      name: "Server active connections"
+      spans: 6
+      metricName: "vertx_http_server_connections"
+      dataType: "raw"
+  - chart:
+      name: "Server active websockets"
+      spans: 6
+      metricName: "vertx_http_server_wsConnections"
+      dataType: "raw"
+  - chart:
+      name: "Server bytes sent"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_http_server_bytesSent"
+      dataType: "histogram"
+  - chart:
+      name: "Server bytes received"
+      unit: "bytes"
+      spans: 6
+      metricName: "vertx_http_server_bytesReceived"
+      dataType: "histogram"
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/deployment.yaml
new file mode 100644
index 000000000..b5737ccc6
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/deployment.yaml
@@ -0,0 +1,179 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.deployment.replicas }}
+  selector:
+    matchLabels:
+      {{- include "kiali-server.selectorLabels" . | nindent 6 }}
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      name: {{ include "kiali-server.fullname" . }}
+      labels:
+        {{- include "kiali-server.labels" . | nindent 8 }}
+        {{- if .Values.deployment.pod_labels }}
+        {{- toYaml .Values.deployment.pod_labels | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- if .Values.server.metrics_enabled }}
+        prometheus.io/scrape: "true"
+        prometheus.io/port: {{ .Values.server.metrics_port | quote }}
+        {{- else }}
+        prometheus.io/scrape: "false"
+        prometheus.io/port: ""
+        {{- end }}
+        kiali.io/runtimes: go,kiali
+        {{- if .Values.deployment.pod_annotations }}
+        {{- toYaml .Values.deployment.pod_annotations | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ include "kiali-server.fullname" . }}
+      {{- if .Values.deployment.priority_class_name }}
+      priorityClassName: {{ .Values.deployment.priority_class_name | quote }}
+      {{- end }}
+      {{- if .Values.deployment.image_pull_secrets }}
+      imagePullSecrets:
+      {{- range .Values.deployment.image_pull_secrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      containers:
+      - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}"
+        imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }}
+        name: {{ include "kiali-server.fullname" . }}
+        command:
+        - "/opt/kiali/kiali"
+        - "-config"
+        - "/kiali-configuration/config.yaml"
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+        ports:
+        - name: api-port
+          containerPort: {{ .Values.server.port | default 20001 }}
+        {{- if .Values.server.metrics_enabled }}
+        - name: http-metrics
+          containerPort: {{ .Values.server.metrics_port | default 9090 }}
+        {{- end }}
+        readinessProbe:
+          httpGet:
+            path: {{ include "kiali-server.server.web_root" . | trimSuffix "/"  }}/healthz
+            port: api-port
+            {{- if (include "kiali-server.identity.cert_file" .) }}
+            scheme: HTTPS
+            {{- else }}
+            scheme: HTTP
+            {{- end }}
+          initialDelaySeconds: 5
+          periodSeconds: 30
+        livenessProbe:
+          httpGet:
+            path: {{ include "kiali-server.server.web_root" . | trimSuffix "/"  }}/healthz
+            port: api-port
+            {{- if (include "kiali-server.identity.cert_file" .) }}
+            scheme: HTTPS
+            {{- else }}
+            scheme: HTTP
+            {{- end }}
+          initialDelaySeconds: 5
+          periodSeconds: 30
+        env:
+        - name: ACTIVE_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: LOG_LEVEL
+          value: "{{ include "kiali-server.logLevel" . }}"
+        - name: LOG_FORMAT
+          value: "{{ .Values.deployment.logger.log_format }}"
+        - name: LOG_TIME_FIELD_FORMAT
+          value: "{{ .Values.deployment.logger.time_field_format }}" 
+        - name: LOG_SAMPLER_RATE
+          value: "{{ .Values.deployment.logger.sampler_rate }}"
+        volumeMounts:
+        {{- if .Values.web_root_override }}
+        - name: kiali-console
+          subPath: env.js
+          mountPath: /opt/kiali/console/env.js
+        {{- end }}
+        - name: {{ include "kiali-server.fullname" . }}-configuration
+          mountPath: "/kiali-configuration"
+        - name: {{ include "kiali-server.fullname" . }}-cert
+          mountPath: "/kiali-cert"
+        - name: {{ include "kiali-server.fullname" . }}-secret
+          mountPath: "/kiali-secret"
+        {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+        - name: {{ include "kiali-server.fullname" . }}-cabundle
+          mountPath: "/kiali-cabundle"
+        {{- end }}
+        {{- if .Values.deployment.resources }}
+        resources:
+        {{- toYaml .Values.deployment.resources | nindent 10 }}
+        {{- end }}
+      volumes:
+      {{- if .Values.web_root_override }}
+      - name: kiali-console
+        configMap:
+          name: kiali-console
+          items:
+          - key: env.js
+            path: env.js
+      {{- end }}
+      - name: {{ include "kiali-server.fullname" . }}-configuration
+        configMap:
+          name: {{ include "kiali-server.fullname" . }}
+      - name: {{ include "kiali-server.fullname" . }}-cert
+        secret:
+          {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+          secretName: {{ include "kiali-server.fullname" . }}-cert-secret
+          {{- else }}
+          secretName: istio.{{ include "kiali-server.fullname" . }}-service-account
+          {{- end }}
+          {{- if not (include "kiali-server.identity.cert_file" .) }}
+          optional: true
+          {{- end }}
+      - name: {{ include "kiali-server.fullname" . }}-secret
+        secret:
+          secretName: {{ .Values.deployment.secret_name }}
+          optional: true
+      {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+      - name: {{ include "kiali-server.fullname" . }}-cabundle
+        configMap:
+          name: {{ include "kiali-server.fullname" . }}-cabundle
+      {{- end }}
+      {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }}
+      affinity:
+        {{- if .Values.deployment.affinity.node }}
+        nodeAffinity:
+        {{- toYaml .Values.deployment.affinity.node | nindent 10 }}
+        {{- end }}
+        {{- if .Values.deployment.affinity.pod }}
+        podAffinity:
+        {{- toYaml .Values.deployment.affinity.pod | nindent 10 }}
+        {{- end }}
+        {{- if .Values.deployment.affinity.pod_anti }}
+        podAntiAffinity:
+        {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.deployment.tolerations }}
+      tolerations:
+      {{- toYaml .Values.deployment.tolerations | nindent 8 }}
+      {{- end }}
+      {{- if .Values.deployment.node_selector }}
+      nodeSelector:
+      {{- toYaml .Values.deployment.node_selector | nindent 8 }}
+      {{- end }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/hpa.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/hpa.yaml
new file mode 100644
index 000000000..934c4c1e9
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/hpa.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.deployment.hpa.spec }}
+---
+apiVersion: {{ .Values.deployment.hpa.api_version }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "kiali-server.fullname" . }}
+  {{- toYaml .Values.deployment.hpa.spec | nindent 2 }}
+...
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/ingress.yaml
new file mode 100644
index 000000000..1268101d6
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }}
+{{- if .Values.deployment.ingress_enabled }}
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+  annotations:
+    {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}
+    {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
+    {{- else }}
+    # For ingress-nginx versions older than 0.20.0 use secure-backends.
+    # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948)
+    # For ingress-nginx versions 0.20.0 and later use backend-protocol.
+    {{- if (include "kiali-server.identity.cert_file" .) }}
+    nginx.ingress.kubernetes.io/secure-backends: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    {{- else }}
+    nginx.ingress.kubernetes.io/secure-backends: "false"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    {{- end }}
+    {{- end }}
+spec:
+  {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
+  {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
+  {{- else }}
+  rules:
+  - http:
+      paths:
+      - path: {{ include "kiali-server.server.web_root" . }}
+        backend:
+          serviceName: {{ include "kiali-server.fullname" . }}
+          servicePort: {{ .Values.server.port }}
+    {{- if not (empty .Values.server.web_fqdn) }}
+    host: {{ .Values.server.web_fqdn }}
+    {{- end }}
+  {{- end }}
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/oauth.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/oauth.yaml
new file mode 100644
index 000000000..a178bb85e
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/oauth.yaml
@@ -0,0 +1,17 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+{{- if .Values.kiali_route_url }}
+---
+apiVersion: oauth.openshift.io/v1
+kind: OAuthClient
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+redirectURIs:
+- {{ .Values.kiali_route_url }}
+grantMethod: auto
+allowAnyScope: true
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/psp.yaml
new file mode 100644
index 000000000..f891892cc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/psp.yaml
@@ -0,0 +1,67 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-psp
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kiali-server.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: kiali
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-psp
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - {{ include "kiali-server.fullname" . }}-psp
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-psp
+  namespace: {{ .Release.Namespace }}
+spec:
+  allowPrivilegeEscalation: false
+  forbiddenSysctls:
+  - '*'
+  fsGroup:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+      rule: MustRunAsNonRoot
+  runAsGroup:
+      rule: MustRunAs
+      ranges:
+      - min: 1
+        max: 65535
+  seLinux:
+      rule: RunAsAny
+  supplementalGroups:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  volumes:
+  - configMap
+  - emptyDir
+  - projected
+  - secret
+  - downwardAPI
+  - persistentVolumeClaim
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-controlplane.yaml
new file mode 100644
index 000000000..a22c76756
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-controlplane.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-controlplane
+  namespace: {{ include "kiali-server.istio_namespace" . }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources:
+  - secrets
+  verbs:
+  - list
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-viewer.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-viewer.yaml
new file mode 100644
index 000000000..c1a766750
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role-viewer.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-viewer
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  - endpoints
+  - pods/log
+  - pods/proxy
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: [""]
+  resources:
+  - namespaces
+  - pods
+  - replicationcontrollers
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: [""]
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+  - post
+- apiGroups: ["extensions", "apps"]
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["batch"]
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.istio.io
+  - security.istio.io
+  resources: ["*"]
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["apps.openshift.io"]
+  resources:
+  - deploymentconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["project.openshift.io"]
+  resources:
+  - projects
+  verbs:
+  - get
+- apiGroups: ["route.openshift.io"]
+  resources:
+  - routes
+  verbs:
+  - get
+- apiGroups: ["monitoring.kiali.io"]
+  resources:
+  - monitoringdashboards
+  verbs:
+  - get
+  - list
+- apiGroups: ["iter8.tools"]
+  resources:
+  - experiments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["authentication.k8s.io"]
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role.yaml
new file mode 100644
index 000000000..b764570c8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/role.yaml
@@ -0,0 +1,106 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  - endpoints
+  - pods/log
+  - pods/proxy
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: [""]
+  resources:
+  - namespaces
+  - pods
+  - replicationcontrollers
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups: [""]
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+  - post
+- apiGroups: ["extensions", "apps"]
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups: ["batch"]
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - networking.istio.io
+  - security.istio.io
+  resources: ["*"]
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+- apiGroups: ["apps.openshift.io"]
+  resources:
+  - deploymentconfigs
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups: ["project.openshift.io"]
+  resources:
+  - projects
+  verbs:
+  - get
+- apiGroups: ["route.openshift.io"]
+  resources:
+  - routes
+  verbs:
+  - get
+- apiGroups: ["monitoring.kiali.io"]
+  resources:
+  - monitoringdashboards
+  verbs:
+  - get
+  - list
+- apiGroups: ["iter8.tools"]
+  resources:
+  - experiments
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+- apiGroups: ["authentication.k8s.io"]
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
new file mode 100644
index 000000000..5a0015836
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "kiali-server.fullname" . }}-controlplane
+  namespace: {{ include "kiali-server.istio_namespace" . }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kiali-server.fullname" . }}-controlplane
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding.yaml
new file mode 100644
index 000000000..1eaabd65f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/rolebinding.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  {{- if .Values.deployment.view_only_mode }}
+  name: {{ include "kiali-server.fullname" . }}-viewer
+  {{- else }}
+  name: {{ include "kiali-server.fullname" . }}
+  {{- end }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/route.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/route.yaml
new file mode 100644
index 000000000..27940dc96
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/route.yaml
@@ -0,0 +1,30 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+{{- if .Values.deployment.ingress_enabled }}
+# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+    {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}
+    annotations:
+    {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
+  {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
+  {{- else }}
+  tls:
+    termination: reencrypt
+    insecureEdgeTerminationPolicy: Redirect
+  to:
+    kind: Service
+    targetPort: {{ .Values.server.port }}
+    name: {{ include "kiali-server.fullname" . }}
+  {{- end }}
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/service.yaml
new file mode 100644
index 000000000..e7618d68f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/service.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+  annotations:
+    {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+    service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret
+    {{- end }}
+    {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }}
+    {{- if empty .Values.server.web_port }}
+    kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }}
+    {{- else }}
+    kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }}
+    {{- end }}
+    {{- end }}
+    {{- if .Values.deployment.service_annotations }}
+    {{- toYaml .Values.deployment.service_annotations | nindent 4  }}
+    {{- end }}
+spec:
+  {{- if .Values.deployment.service_type }}
+  type: {{ .Values.deployment.service_type }}
+  {{- end }}
+  ports:
+  {{- if (include "kiali-server.identity.cert_file" .) }}
+  - name: tcp
+  {{- else }}
+  - name: http
+  {{- end }}
+    protocol: TCP
+    port: {{ .Values.server.port }}
+  {{- if .Values.server.metrics_enabled }}
+  - name: http-metrics
+    protocol: TCP
+    port: {{ .Values.server.metrics_port }}
+  {{- end }}
+  selector:
+    {{- include "kiali-server.selectorLabels" . | nindent 4 }}
+  {{- if .Values.deployment.additional_service_yaml }}
+  {{- toYaml .Values.deployment.additional_service_yaml | nindent 2  }}
+  {{- end }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9151b6f6a
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/serviceaccount.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kiali-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/validate-install-crd.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..b42eeb266
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/validate-install-crd.yaml
@@ -0,0 +1,14 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# 	{{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# 	{{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/web-root-configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/web-root-configmap.yaml
new file mode 100644
index 000000000..970d4e4f5
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/templates/web-root-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.web_root_override }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kiali-console
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kiali-server.labels" . | nindent 4 }}
+data:
+  env.js: |
+    window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/values.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/values.yaml
new file mode 100644
index 000000000..8db88b0d9
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/kiali/values.yaml
@@ -0,0 +1,98 @@
+# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead.
+# This is only supported for backward compatibility and will be removed in a future version.
+# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali",
+# then 'deployment.instance_name' will take the value of 'fullnameOverride' value.
+# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used.
+fullnameOverride: "kiali"
+
+# This is required for "openshift" auth strategy.
+# You have to know ahead of time what your Route URL will be because
+# right now the helm chart can't figure this out at runtime (it would
+# need to wait for the Kiali Route to be deployed and for OpenShift
+# to start it up). If someone knows how to update this helm chart to
+# do this, a PR would be welcome.
+kiali_route_url: ""
+
+# rancher specific override that allows proxy access to kiali url
+web_root_override: true
+
+#
+# Settings that mimic the Kiali CR which are placed in the ConfigMap.
+# Note that only those values used by the Helm Chart will be here.
+#
+
+istio_namespace: "" # default is where Kiali is installed
+
+auth:
+  openid: {}
+  openshift: {}
+  strategy: ""
+
+deployment:
+  # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything.
+  # For more control over what the Kial Service Account can see, use the Kiali Operator
+  accessible_namespaces:
+  - "**"
+  additional_service_yaml: {}
+  affinity:
+    node: {}
+    pod: {}
+    pod_anti: {}
+  custom_dashboards:
+    excludes: ['']
+    includes: ['*']
+  hpa:
+    api_version: "autoscaling/v2beta2"
+    spec: {}
+  repository: rancher/mirrored-kiali-kiali
+  image_pull_policy: "Always"
+  image_pull_secrets: []
+  tag: v1.35.0
+  ingress_enabled: true
+  instance_name: "kiali"
+  logger:
+    log_format: "text"
+    log_level: "info"
+    time_field_format: "2006-01-02T15:04:05Z07:00"
+    sampler_rate: "1"
+  node_selector: {}
+  override_ingress_yaml:
+    metadata: {}
+  pod_annotations: {}
+  pod_labels: {}
+  priority_class_name: ""
+  replicas: 1
+  resources: {}
+  secret_name: "kiali"
+  service_annotations: {}
+  service_type: ""
+  tolerations: []
+  version_label: v1.35.0
+  view_only_mode: false
+
+external_services:
+  custom_dashboards:
+    enabled: true
+
+identity: {}
+  #cert_file:
+  #private_key_file:
+
+login_token:
+  signing_key: ""
+
+server:
+  port: 20001
+  metrics_enabled: true
+  metrics_port: 9090
+  web_root: ""
+
+# Common settings used among istio subcharts.
+global:
+  # Specify rancher clusterId of external tracing config
+  # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
+  cattle:
+    systemDefaultRegistry: ""
+    clusterId:
+  rbac:
+    pspEnabled: false
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/.helmignore b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/Chart.yaml
new file mode 100644
index 000000000..6e368616d
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/os: linux
+  catalog.rancher.io/certified: rancher
+  catalog.rancher.io/namespace: istio-system
+  catalog.rancher.io/release-name: rancher-tracing
+apiVersion: v1
+appVersion: 1.20.0
+description: A quick start Jaeger Tracing installation using the all-in-one demo.
+  This is not production qualified. Refer to https://www.jaegertracing.io/ for details.
+name: tracing
+version: 1.20.1
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/README.md b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/README.md
new file mode 100644
index 000000000..25534c628
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/README.md
@@ -0,0 +1,5 @@
+# Jaeger
+
+A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices.
+
+> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs.
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_affinity.tpl b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_affinity.tpl
new file mode 100644
index 000000000..bf6a9aee5
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_affinity.tpl
@@ -0,0 +1,92 @@
+{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
+{{- define "nodeAffinity" }}
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    {{- include "nodeAffinityRequiredDuringScheduling" . }}
+    preferredDuringSchedulingIgnoredDuringExecution:
+    {{- include "nodeAffinityPreferredDuringScheduling" . }}
+{{- end }}
+
+{{- define "nodeAffinityRequiredDuringScheduling" }}
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: beta.kubernetes.io/arch
+          operator: In
+          values:
+        {{- range $key, $val := .Values.global.arch }}
+          {{- if gt ($val | int) 0 }}
+          - {{ $key | quote }}
+          {{- end }}
+        {{- end }}
+        {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}}
+        {{- range $key, $val := $nodeSelector }}
+        - key: {{ $key }}
+          operator: In
+          values:
+          - {{ $val | quote }}
+        {{- end }}
+{{- end }}
+
+{{- define "nodeAffinityPreferredDuringScheduling" }}
+  {{- range $key, $val := .Values.global.arch }}
+    {{- if gt ($val | int) 0 }}
+    - weight: {{ $val | int }}
+      preference:
+        matchExpressions:
+        - key: beta.kubernetes.io/arch
+          operator: In
+          values:
+          - {{ $key | quote }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "podAntiAffinity" }}
+{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}}
+  podAntiAffinity:
+    {{- if .Values.podAntiAffinityLabelSelector }}
+    requiredDuringSchedulingIgnoredDuringExecution:
+    {{- include "podAntiAffinityRequiredDuringScheduling" . }}
+    {{- end }}
+    {{- if or .Values.podAntiAffinityTermLabelSelector}}
+    preferredDuringSchedulingIgnoredDuringExecution:
+    {{- include "podAntiAffinityPreferredDuringScheduling" . }}
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "podAntiAffinityRequiredDuringScheduling" }}
+    {{- range $index, $item := .Values.podAntiAffinityLabelSelector }}
+    - labelSelector:
+        matchExpressions:
+        - key: {{ $item.key }}
+          operator: {{ $item.operator }}
+          {{- if $item.values }}
+          values:
+          {{- $vals := split "," $item.values }}
+          {{- range $i, $v := $vals }}
+          - {{ $v | quote }}
+          {{- end }}
+          {{- end }}
+      topologyKey: {{ $item.topologyKey }}
+    {{- end }}
+{{- end }}
+
+{{- define "podAntiAffinityPreferredDuringScheduling" }}
+    {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }}
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: {{ $item.key }}
+            operator: {{ $item.operator }}
+            {{- if $item.values }}
+            values:
+            {{- $vals := split "," $item.values }}
+            {{- range $i, $v := $vals }}
+            - {{ $v | quote }}
+            {{- end }}
+            {{- end }}
+        topologyKey: {{ $item.topologyKey }}
+      weight: 100
+    {{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_helpers.tpl
new file mode 100644
index 000000000..56cfa7335
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "tracing.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "tracing.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/deployment.yaml
new file mode 100644
index 000000000..25bb67fd3
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/deployment.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "tracing.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Values.provider }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.provider }}
+        heritage: {{ .Release.Service }}
+        release: {{ .Release.Name }}
+      annotations:
+        sidecar.istio.io/inject: "false"
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "14269"
+{{- if .Values.jaeger.podAnnotations }}
+{{ toYaml .Values.jaeger.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+      containers:
+        - name: jaeger
+          image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
+          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+          env:
+          {{- if eq .Values.jaeger.spanStorageType "badger" }}
+          - name: BADGER_EPHEMERAL
+            value: "false"
+          - name: SPAN_STORAGE_TYPE
+            value: "badger"
+          - name: BADGER_DIRECTORY_VALUE
+            value: "/badger/data"
+          - name: BADGER_DIRECTORY_KEY
+            value: "/badger/key"
+          {{- end }}
+          - name: COLLECTOR_ZIPKIN_HTTP_PORT
+            value: "9411"
+          - name: MEMORY_MAX_TRACES
+            value: "{{ .Values.jaeger.memory.max_traces }}"
+          - name: QUERY_BASE_PATH
+            value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 14269
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 14269
+{{- if eq .Values.jaeger.spanStorageType "badger" }}
+          volumeMounts:
+            - name: data
+              mountPath: /badger
+{{- end }}
+          resources:
+{{- if .Values.jaeger.resources }}
+{{ toYaml .Values.jaeger.resources | indent 12 }}
+{{- else }}
+{{ toYaml .Values.global.defaultResources | indent 12 }}
+{{- end }}
+      affinity:
+      {{- include "nodeAffinity" . | indent 6 }}
+      {{- include "podAntiAffinity" . | indent 6 }}
+     {{- if .Values.global.rbac.pspEnabled }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+      serviceAccountName: {{ include "tracing.fullname" . }}
+      {{- end }}
+{{- if eq .Values.jaeger.spanStorageType "badger" }}
+      volumes:
+      - name: data
+{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
+        persistentVolumeClaim:
+          claimName: istio-jaeger-pvc
+{{- else }}
+        emptyDir: {}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/psp.yaml
new file mode 100644
index 000000000..44b230492
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/psp.yaml
@@ -0,0 +1,86 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "tracing.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tracing.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "tracing.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "tracing.fullname" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tracing.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - {{ include "tracing.fullname" . }}
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "tracing.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  allowPrivilegeEscalation: false
+  forbiddenSysctls:
+  - '*'
+  fsGroup:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+      rule: MustRunAsNonRoot
+  runAsGroup:
+      rule: MustRunAs
+      ranges:
+      - min: 1
+        max: 65535
+  seLinux:
+      rule: RunAsAny
+  supplementalGroups:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  volumes:
+  - emptyDir
+  - secret
+  - persistentVolumeClaim
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/pvc.yaml
new file mode 100644
index 000000000..9b4c55e4f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/pvc.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: istio-jaeger-pvc
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+spec:
+  storageClassName: {{ .Values.jaeger.storageClassName }}
+  accessModes:
+    - {{ .Values.jaeger.accessMode }}
+  resources:
+    requests:
+      storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/service.yaml
new file mode 100644
index 000000000..4210a9b5f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/templates/service.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tracing
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- range $key, $val := .Values.service.annotations }}
+    {{ $key }}: {{ $val | quote }}
+    {{- end }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: {{ .Values.service.name }}
+      port: {{ .Values.service.externalPort }}
+      protocol: TCP
+      targetPort: 16686
+  selector:
+    app: {{ .Values.provider }}
+---
+# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
+apiVersion: v1
+kind: Service
+metadata:
+  name: zipkin
+  namespace: {{ .Release.Namespace }}
+  labels:
+    name: zipkin
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+    - name: {{ .Values.service.name }}
+      port: {{ .Values.zipkin.queryPort }}
+      targetPort: {{ .Values.zipkin.queryPort }}
+  selector:
+    app: {{ .Values.provider }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jaeger-collector
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.provider }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  type: ClusterIP
+  ports:
+  - name: jaeger-collector-http
+    port: 14268
+    targetPort: 14268
+    protocol: TCP
+  - name: jaeger-collector-grpc
+    port: 14250
+    targetPort: 14250
+    protocol: TCP
+  selector:
+    app: {{ .Values.provider }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/values.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/values.yaml
new file mode 100644
index 000000000..18ff81c3c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/charts/tracing/values.yaml
@@ -0,0 +1,44 @@
+provider: jaeger
+contextPath: ""
+nodeSelector: {}
+podAntiAffinityLabelSelector: []
+podAntiAffinityTermLabelSelector: []
+nameOverride: ""
+fullnameOverride: ""
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  defaultResources: {}
+  imagePullPolicy: IfNotPresent
+  imagePullSecrets: []
+  arch:
+    amd64: 2
+    s390x: 2
+    ppc64le: 2
+  defaultNodeSelector: {}
+  rbac:
+    pspEnabled: false
+
+jaeger:
+  repository: rancher/mirrored-jaegertracing-all-in-one
+  tag: 1.20.0
+  # spanStorageType value can be "memory" and "badger" for all-in-one image
+  spanStorageType: badger
+  resources:
+    requests:
+      cpu: 10m
+  persistentVolumeClaim: 
+    enabled: false
+    storage: 5Gi
+  storageClassName: ""
+  accessMode: ReadWriteMany
+  memory:
+    max_traces: 50000
+zipkin:
+  queryPort: 9411
+service:
+  annotations: {}
+  name: http-query
+  type: ClusterIP
+  externalPort: 16686
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/configs/istio-base.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/configs/istio-base.yaml
new file mode 100644
index 000000000..c5fa6f5f0
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/configs/istio-base.yaml
@@ -0,0 +1,82 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+spec:
+  components:
+    base:
+      enabled: {{ .Values.base.enabled }}
+    cni:
+      enabled: {{ .Values.cni.enabled }}
+    egressGateways:
+    - enabled: {{ .Values.egressGateways.enabled }}
+      name: istio-egressgateway
+    ingressGateways:
+    - enabled: {{ .Values.ingressGateways.enabled }}
+      name: istio-ingressgateway
+      k8s:
+        service:
+          ports:
+          - name: status-port
+            port: 15021
+            targetPort: 15021
+          - name: http2
+            port: 80
+            targetPort: 8080
+            nodePort: 31380
+          - name: https
+            port: 443
+            targetPort: 8443
+            nodePort: 31390
+          - name: tcp
+            port: 31400
+            targetPort: 31400
+            nodePort: 31400
+          - name: tls
+            port: 15443
+            targetPort: 15443
+    istiodRemote:
+      enabled: {{ .Values.istiodRemote.enabled }}
+    pilot:
+      enabled: {{ .Values.pilot.enabled }}
+  hub: {{ .Values.systemDefaultRegistry | default "docker.io" }}
+  profile: default
+  tag: {{ .Values.tag }}
+  revision: {{ .Values.revision }}
+  meshConfig:
+    defaultConfig:
+      proxyMetadata:
+      {{- if .Values.dns.enabled }}
+        ISTIO_META_DNS_CAPTURE: "true"
+      {{- end }}
+  values:
+    gateways:
+      istio-egressgateway:
+        name: istio-egressgateway
+        type: {{ .Values.egressGateways.type }}
+      istio-ingressgateway:
+        name: istio-ingressgateway
+        type: {{ .Values.ingressGateways.type }}
+    global:
+      istioNamespace: {{ template "istio.namespace" . }}
+      proxy:
+        image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}
+      proxy_init:
+        image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}
+      {{- if .Values.global.defaultPodDisruptionBudget.enabled }}
+      defaultPodDisruptionBudget:
+        enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }}
+      {{- end }}
+    {{- if .Values.pilot.enabled }}
+    pilot:
+      image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }}
+    {{- end }}
+    telemetry:
+      enabled: {{ .Values.telemetry.enabled }}
+      v2:
+        enabled: {{ .Values.telemetry.v2.enabled }}
+    {{- if .Values.cni.enabled }}
+    cni:
+      image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }}
+      excludeNamespaces:
+      {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }}
+      logLevel: {{ .Values.cni.logLevel }}
+    {{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/requirements.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/requirements.yaml
new file mode 100644
index 000000000..943a08326
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/requirements.yaml
@@ -0,0 +1,7 @@
+dependencies:
+- condition: kiali.enabled
+  name: kiali
+  repository: file://./charts/kiali
+- condition: tracing.enabled
+  name: tracing
+  repository: file://./charts/tracing
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/samples/overlay-example.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/samples/overlay-example.yaml
new file mode 100644
index 000000000..5cf3cf3b0
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/samples/overlay-example.yaml
@@ -0,0 +1,37 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+spec:
+  components:
+    ingressGateways:
+    - enabled: true
+      name: ilb-gateway
+      namespace: user-ingressgateway-ns
+      k8s:
+        resources:
+          requests:
+            cpu: 200m
+        service:
+          ports:
+          - name: tcp-citadel-grpc-tls
+            port: 8060
+            targetPort: 8060
+          - name: tcp-dns
+            port: 5353
+        serviceAnnotations:
+          cloud.google.com/load-balancer-type: internal
+    - enabled: true
+      name: other-gateway
+      namespace: cattle-istio-system
+      k8s:
+        resources:
+          requests:
+            cpu: 200m
+        service:
+          ports:
+          - name: tcp-citadel-grpc-tls
+            port: 8060
+            targetPort: 8060
+          - name: tcp-dns
+            port: 5353
+        serviceAnnotations:
+          cloud.google.com/load-balancer-type: internal
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/_helpers.tpl
new file mode 100644
index 000000000..3f7af953a
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/_helpers.tpl
@@ -0,0 +1,12 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "istio.namespace" -}}
+  {{- .Release.Namespace | default "istio-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/admin-role.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/admin-role.yaml
new file mode 100644
index 000000000..ad1313c4f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/admin-role.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  name: istio-admin
+  namespace: {{ template "istio.namespace" . }}
+rules:
+  - apiGroups:
+      - config.istio.io
+    resources:
+      - adapters
+      - attributemanifests
+      - handlers
+      - httpapispecbindings
+      - httpapispecs
+      - instances
+      - quotaspecbindings
+      - quotaspecs
+      - rules
+      - templates
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - destinationrules
+      - envoyfilters
+      - gateways
+      - serviceentries
+      - sidecars
+      - virtualservices
+      - workloadentries
+    verbs:
+      - '*'
+  - apiGroups:
+      - security.istio.io
+    resources:
+      - authorizationpolicies
+      - peerauthentications
+      - requestauthentications
+    verbs:
+      - '*'
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/base-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/base-config-map.yaml
new file mode 100644
index 000000000..5323917bc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/base-config-map.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: istio-installer-base
+  namespace: {{ template "istio.namespace" . }}
+data:
+{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrole.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrole.yaml
new file mode 100644
index 000000000..8eeb78758
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrole.yaml
@@ -0,0 +1,126 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: istio-installer
+rules:
+# istio groups
+- apiGroups:
+  - authentication.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - config.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - install.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - security.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - telemetry.istio.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+# k8s groups
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - '*'
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions.apiextensions.k8s.io
+  - customresourcedefinitions
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - deployments/finalizers
+  - ingresses
+  - replicasets
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  - clusterroles
+  - roles
+  - rolebindings
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - events
+  - namespaces
+  - pods
+  - pods/exec
+  - persistentvolumeclaims
+  - secrets
+  - services
+  - serviceaccounts
+  verbs:
+  - '*'
+- apiGroups:
+  - policy
+  resourceNames:
+  - istio-installer
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..9d74a0434
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: istio-installer
+subjects:
+- kind: ServiceAccount
+  name: istio-installer
+  namespace: {{ template "istio.namespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: istio-installer
+  apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/edit-role.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/edit-role.yaml
new file mode 100644
index 000000000..d1059d58d
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/edit-role.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  namespace: {{ template "istio.namespace" . }}
+  name: istio-edit
+rules:
+  - apiGroups:
+      - config.istio.io
+    resources:
+      - adapters
+      - attributemanifests
+      - handlers
+      - httpapispecbindings
+      - httpapispecs
+      - instances
+      - quotaspecbindings
+      - quotaspecs
+      - rules
+      - templates
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - destinationrules
+      - envoyfilters
+      - gateways
+      - serviceentries
+      - sidecars
+      - virtualservices
+      - workloadentries
+    verbs:
+      - '*'
+  - apiGroups:
+      - security.istio.io
+    resources:
+      - authorizationpolicies
+      - peerauthentications
+      - requestauthentications
+    verbs:
+      - '*'
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-cni-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-cni-psp.yaml
new file mode 100644
index 000000000..5b94c8503
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-cni-psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: psp-istio-cni
+  namespace: {{ template "istio.namespace" . }}
+spec:
+  allowPrivilegeEscalation: true
+  fsGroup:
+      rule: RunAsAny
+  hostNetwork: true
+  runAsUser:
+      rule: RunAsAny
+  seLinux:
+      rule: RunAsAny
+  supplementalGroups:
+      rule: RunAsAny
+  volumes:
+  - secret
+  - configMap
+  - emptyDir
+  - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: psp-istio-cni
+  namespace: {{ template "istio.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: psp-istio-cni
+subjects:
+  - kind: ServiceAccount
+    name: istio-cni
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: psp-istio-cni
+  namespace: {{ template "istio.namespace" . }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - psp-istio-cni
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-job.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-job.yaml
new file mode 100644
index 000000000..c687b6a7f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-job.yaml
@@ -0,0 +1,66 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: istioctl-installer
+  namespace: {{ template "istio.namespace" . }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  backoffLimit: 1
+  template:
+    spec:
+      {{- if .Values.installer.releaseMirror.enabled }}
+      hostAliases:
+      - ip: "127.0.0.1"
+        hostnames:
+        - "github.com"
+      {{- end }}
+      containers:
+        - name: istioctl-installer
+          image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
+          env:
+          - name: RELEASE_NAME
+            value: {{ .Release.Name }}
+          - name: ISTIO_NAMESPACE
+            value: {{ template "istio.namespace" . }}
+          - name: FORCE_INSTALL
+            value: {{ .Values.forceInstall | default "false" | quote }}
+          - name: RELEASE_MIRROR_ENABLED
+            value: {{ .Values.installer.releaseMirror.enabled | quote }}
+          - name: SECONDS_SLEEP
+            value: {{ .Values.installer.debug.secondsSleep | quote}}
+          command: ["/bin/sh","-c"]
+          args: ["/usr/local/app/scripts/run.sh"]
+          volumeMounts:
+          - name: config-volume
+            mountPath: /app/istio-base.yaml
+            subPath: istio-base.yaml
+          {{- if .Values.overlayFile }}
+          - name: overlay-volume
+            mountPath: /app/overlay-config.yaml
+            subPath: overlay-config.yaml
+          {{- end }}
+          {{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
+          - name: {{ .Values.installer.releaseMirror.additionalIstioImage.volumeMountName }}
+            mountPath: /opt/istio-releases/{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}/istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
+            subPath: istio-{{ .Values.installer.releaseMirror.additionalIstioImage.tag }}-linux-amd64.tar.gz
+          {{- end }}
+      volumes:
+        - name: config-volume
+          configMap:
+            name: istio-installer-base
+        {{- if .Values.overlayFile }}
+        - name: overlay-volume
+          configMap:
+            name: istio-installer-overlay
+        {{- end }}
+{{- if .Values.installer.releaseMirror.additionalIstioImage.enabled }}
+{{ toYaml .Values.installer.releaseMirror.additionalIstioImage.volumes | indent 8 }}
+{{- end }}
+      serviceAccountName: istio-installer
+      securityContext:
+        runAsUser: 101
+        runAsGroup: 101
+      restartPolicy: Never
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-psp.yaml
new file mode 100644
index 000000000..f0b5ee565
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-install-psp.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: istio-installer
+  namespace: {{ template "istio.namespace" . }}
+spec:
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+  volumes:
+    - 'configMap'
+    - 'secret'
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-psp.yaml
new file mode 100644
index 000000000..b3758b74f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-psp.yaml
@@ -0,0 +1,81 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: istio-psp
+  namespace: {{ template "istio.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: istio-psp
+subjects:
+  - kind: ServiceAccount
+    name: istio-egressgateway-service-account
+  - kind: ServiceAccount
+    name: istio-ingressgateway-service-account
+  - kind: ServiceAccount
+    name: istio-mixer-service-account
+  - kind: ServiceAccount
+    name: istio-operator-authproxy
+  - kind: ServiceAccount
+    name: istiod-service-account
+  - kind: ServiceAccount
+    name: istio-sidecar-injector-service-account
+  - kind: ServiceAccount
+    name: istiocoredns-service-account
+  - kind: ServiceAccount
+    name: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: istio-psp
+  namespace: {{ template "istio.namespace" . }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - istio-psp
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: istio-psp
+  namespace: {{ template "istio.namespace" . }}
+spec:
+  allowPrivilegeEscalation: false
+  forbiddenSysctls:
+  - '*'
+  fsGroup:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+      rule: MustRunAsNonRoot
+  runAsGroup:
+      rule: MustRunAs
+      ranges:
+      - min: 1
+        max: 65535
+  seLinux:
+      rule: RunAsAny
+  supplementalGroups:
+      ranges:
+        - max: 65535
+          min: 1
+      rule: MustRunAs
+  volumes:
+  - configMap
+  - emptyDir
+  - projected
+  - secret
+  - downwardAPI
+  - persistentVolumeClaim
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-uninstall-job.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-uninstall-job.yaml
new file mode 100644
index 000000000..a7f156325
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/istio-uninstall-job.yaml
@@ -0,0 +1,45 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: istioctl-uninstaller
+  namespace: {{ template "istio.namespace" . }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    spec:
+      containers:
+        - name: istioctl-uninstaller
+          image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
+          env:
+          - name: RELEASE_NAME
+            value: {{ .Release.Name }}
+          - name: ISTIO_NAMESPACE
+            value: {{ template "istio.namespace" . }}
+          command: ["/bin/sh","-c"]
+          args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
+          volumeMounts:
+          - name: config-volume
+            mountPath: /app/istio-base.yaml
+            subPath: istio-base.yaml
+          {{- if .Values.overlayFile }}
+          - name: overlay-volume
+            mountPath: /app/overlay-config.yaml
+            subPath: overlay-config.yaml
+          {{ end }}
+      volumes:
+        - name: config-volume
+          configMap:
+            name: istio-installer-base
+        {{- if .Values.overlayFile }}
+        - name: overlay-volume
+          configMap:
+            name: istio-installer-overlay
+        {{ end }}
+      serviceAccountName: istio-installer
+      securityContext:
+        runAsUser: 101
+        runAsGroup: 101
+      restartPolicy: OnFailure
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/overlay-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/overlay-config-map.yaml
new file mode 100644
index 000000000..287d26b2c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/overlay-config-map.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.overlayFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: istio-installer-overlay
+  namespace: {{ template "istio.namespace" . }}
+data:
+  overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/service-monitors.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/service-monitors.yaml
new file mode 100644
index 000000000..c3d60c4fc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/service-monitors.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.kiali.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: envoy-stats-monitor
+  namespace: {{ template "istio.namespace" . }}
+  labels:
+    monitoring: istio-proxies
+spec:
+  selector:
+    matchExpressions:
+    - {key: istio-prometheus-ignore, operator: DoesNotExist}
+  namespaceSelector:
+    any: true
+  jobLabel: envoy-stats
+  endpoints:
+  - path: /stats/prometheus
+    targetPort: 15090
+    interval: 15s
+    relabelings:
+    - sourceLabels: [__meta_kubernetes_pod_container_port_name]
+      action: keep
+      regex: '.*-envoy-prom'
+    - action: labeldrop
+      regex: "__meta_kubernetes_pod_label_(.+)"
+    - sourceLabels: [__meta_kubernetes_namespace]
+      action: replace
+      targetLabel: namespace
+    - sourceLabels: [__meta_kubernetes_pod_name]
+      action: replace
+      targetLabel: pod_name
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: istio-component-monitor
+  namespace: {{ template "istio.namespace" . }}
+  labels:
+    monitoring: istio-components
+spec:
+  jobLabel: istio
+  targetLabels: [app]
+  selector:
+    matchExpressions:
+    - {key: istio, operator: In, values: [pilot]}
+  namespaceSelector:
+    any: true
+  endpoints:
+  - port: http-monitoring
+    interval: 15s
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..82b6cbb7e
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: istio-installer
+    namespace: {{ template "istio.namespace" . }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/view-role.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/view-role.yaml
new file mode 100644
index 000000000..5947d3eba
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/templates/view-role.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  namespace: {{ template "istio.namespace" . }}
+  name: istio-view
+rules:
+  - apiGroups:
+      - config.istio.io
+    resources:
+      - adapters
+      - attributemanifests
+      - handlers
+      - httpapispecbindings
+      - httpapispecs
+      - instances
+      - quotaspecbindings
+      - quotaspecs
+      - rules
+      - templates
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - destinationrules
+      - envoyfilters
+      - gateways
+      - serviceentries
+      - sidecars
+      - virtualservices
+      - workloadentries
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - security.istio.io
+    resources:
+      - authorizationpolicies
+      - peerauthentications
+      - requestauthentications
+    verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/values.yaml b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/values.yaml
new file mode 100644
index 000000000..558e4a9b7
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.3+up1.10.4/values.yaml
@@ -0,0 +1,100 @@
+overlayFile: ""
+tag: 1.10.4
+##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install
+forceInstall: false
+
+installer:
+  repository: rancher/istio-installer
+  tag: 1.10.4-rancher5
+  ##releaseMirror are configurations for istio upgrades. 
+  ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal
+  ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets.
+  releaseMirror:
+    enabled: false
+    ##If the image you need is not packaged with the rancher/istio-installer, create a volume mount with the istio-{{ .Values.installer.additionalIstioImage.tag }}-linux-amd64.tar.gz
+    ##file in it and set the additionalIstioImage values to connect to the volume prior to installing/upgrading your rancher-istio chart.  
+    additionalIstioImage:
+      enabled: false
+      volumeMountName: rancher-istio-additional-image
+      volumes:
+        - name: rancher-istio-additional-image
+          persistentVolumeClaim:
+            claimName: rancher-istio-additional-image
+            readOnly: false
+      tag: 1.10.4
+      
+  ##Set the secondsSleep to run a sleep command `sleep <secondsSleep>s` to allow time to exec into istio-installer pod for debugging
+  debug:
+    secondsSleep: 0
+
+##Native support for dns added in 1.8
+dns:
+  enabled: false
+
+base:
+  enabled: true
+
+cni:
+  enabled: false
+  repository: rancher/mirrored-istio-install-cni
+  tag: 1.10.4
+  logLevel: info
+  excludeNamespaces:
+  - istio-system
+  - kube-system
+
+egressGateways:
+  enabled: false
+  type: NodePort
+
+ingressGateways:
+  enabled: true
+  type: NodePort
+
+istiodRemote:
+  enabled: false
+
+pilot:
+  enabled: true
+  repository: rancher/mirrored-istio-pilot
+  tag: 1.10.4
+
+telemetry:
+  enabled: true
+  v2:
+    enabled: true
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  proxy:
+    repository: rancher/mirrored-istio-proxyv2
+    tag: 1.10.4
+  proxy_init:
+    repository: rancher/mirrored-istio-proxyv2
+    tag: 1.10.4
+  defaultPodDisruptionBudget:
+    enabled: true
+  rbac:
+    pspEnabled: true
+
+# Kiali subchart from rancher-kiali-server
+kiali:
+  enabled: true
+  auth:
+    strategy: anonymous
+  deployment:
+    ingress_enabled: false
+  external_services:
+    prometheus:
+      custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
+      url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
+    tracing:
+      in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger"
+    grafana:
+      in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
+      url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
+
+tracing:
+  enabled: false
+  contextPath: "/jaeger"
diff --git a/index.yaml b/index.yaml
index d5a86c5ea..fd6659005 100755
--- a/index.yaml
+++ b/index.yaml
@@ -2456,6 +2456,40 @@ entries:
     - assets/rancher-grafana/rancher-grafana-6.6.401.tgz
     version: 6.6.401
   rancher-istio:
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Istio
+      catalog.cattle.io/namespace: istio-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
+      catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.99-0'
+      catalog.cattle.io/release-name: rancher-istio
+      catalog.cattle.io/requests-cpu: 710m
+      catalog.cattle.io/requests-memory: 2314Mi
+      catalog.cattle.io/type: cluster-tool
+      catalog.cattle.io/ui-component: istio
+    apiVersion: v1
+    appVersion: 1.10.4
+    created: "2021-10-28T13:35:09.130005-07:00"
+    dependencies:
+    - condition: kiali.enabled
+      name: kiali
+      repository: file://./charts/kiali
+    - condition: tracing.enabled
+      name: tracing
+      repository: file://./charts/tracing
+    description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
+      for details.
+    digest: f73e121f0af2903a5e51fd2b123045263da18ac8627b376c0dce49f6730dab26
+    icon: https://charts.rancher.io/assets/logos/istio.svg
+    keywords:
+    - networking
+    - infrastructure
+    name: rancher-istio
+    urls:
+    - assets/rancher-istio/rancher-istio-100.0.3+up1.10.4.tgz
+    version: 100.0.3+up1.10.4
   - annotations:
       catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
       catalog.cattle.io/certified: rancher