From 68ff2385b86dcb6e199a5951743a985da70f0ed9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Thu, 13 Jun 2024 00:55:54 +0000
Subject: [PATCH] Charts CI ``` Updated:   jenkins/jenkins:     - 5.2.1  
 kong/kong:     - 2.39.0 ```

---
 assets/jenkins/jenkins-5.2.1.tgz              |  Bin 0 -> 75411 bytes
 assets/kong/kong-2.39.0.tgz                   |  Bin 0 -> 205890 bytes
 charts/jenkins/jenkins/CHANGELOG.md           |    4 +
 charts/jenkins/jenkins/Chart.yaml             |    8 +-
 charts/kong/kong/CHANGELOG.md                 |   26 +
 charts/kong/kong/Chart.yaml                   |    2 +-
 charts/kong/kong/README.md                    |    1 +
 charts/kong/kong/ci/.chartsnap.yaml           |    2 +
 .../admin-api-service-clusterip-values.snap   |  726 ++-
 .../custom-entities-rbac-3.2-values.snap      |  975 ++++
 .../__snapshots__/custom-labels-values.snap   | 1885 +++----
 .../kong/ci/__snapshots__/default-values.snap | 1869 +++----
 .../__snapshots__/kong-ingress-1-values.snap  | 1927 ++++----
 .../__snapshots__/kong-ingress-2-values.snap  | 1931 ++++----
 .../__snapshots__/kong-ingress-3-values.snap  | 1905 ++++----
 .../__snapshots__/kong-ingress-4-values.snap  | 2011 ++++----
 .../kong-ingress-5-3.1-rbac-values.snap       | 1853 +++----
 .../proxy-appprotocol-values.snap             | 1861 +++----
 .../ci/__snapshots__/service-account.snap     | 1857 +++----
 .../single-image-default-values.snap          | 1869 +++----
 ...est-enterprise-version-3.4.0.0-values.snap |  608 ++-
 .../kong/ci/__snapshots__/test1-values.snap   | 2049 ++++----
 .../kong/ci/__snapshots__/test2-values.snap   | 4309 +++++++++--------
 .../kong/ci/__snapshots__/test3-values.snap   |  724 ++-
 .../kong/ci/__snapshots__/test4-values.snap   |  754 ++-
 .../kong/ci/__snapshots__/test5-values.snap   | 4065 ++++++++--------
 .../ci/custom-entities-rbac-3.2-values.yaml   |   19 +
 charts/kong/kong/ci/test2-values.yaml         |    1 +
 charts/kong/kong/templates/_helpers.tpl       |   28 +-
 .../kong/templates/admission-webhook.yaml     |   90 +-
 charts/kong/kong/values.yaml                  |   10 +-
 index.yaml                                    |   82 +
 32 files changed, 17730 insertions(+), 15721 deletions(-)
 create mode 100644 assets/jenkins/jenkins-5.2.1.tgz
 create mode 100644 assets/kong/kong-2.39.0.tgz
 create mode 100644 charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap
 create mode 100644 charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml

diff --git a/assets/jenkins/jenkins-5.2.1.tgz b/assets/jenkins/jenkins-5.2.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a6f24086166716a7fa64c341d4c71c0ab64f81e1
GIT binary patch
literal 75411
zcmV(_K-9k<iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ%R@=&!FuH&HDXLArPO`yQ%+1|vk2c1D2{r~BNYY=Qq%4(f
zfus^D$;M>m8|O97>zyb0M$NjYB+EduvbuNo*zB=aKvgws)@|0TdA%e4z2mb=dxpcP
zyu_aSmtX!<tyZhMjRyQ%tyZ)DZrAtr{!(k~Zr2-)+HS4!mujuPyHouOs{VRZR)1m^
z;qWijKipS#aQ{tyu<z3dM-KH_vw#o|BWHrGXcmvl4y{-?B2yYJo5=AaG7X_($tJEd
zC*d-u{tWw5!kXy!0zwFt&~;$rh@h`(o5_E_qKKk737JEE^tE1Y?9|Kk(w%)@+xxl-
z)$wo&sE<9;L=qHyLkQ|Lkxi|867oiw9-FC7Qh@IFS&2C|v2eH!*uArGrlDh3jJnNQ
zxxQC!q(C|Tn8v<c!c*c$X<!PURF&p-y|G`O@9q$5{H4Cru<8f<rP}HYxQ<19Mw+M<
zU~5K7^>Q_@l7GK4OK`5ykj9}!BtmiMHqk7K0@kclrVcc>sHbMiaw;?8dL@guWR)l+
zq~c-6ugDMPysKW$QfrawV6j+~WfP8Msu_!efQHde;pH$E6W*hRBka;?*}_re64-@=
zPmDwCCJJyE`6SG(W;-l!@v@X1!fMU?cuY!iyEf6=zx`G#*BYhj+uX__aS3Lml-{K{
zaBdWUdA)#xK>sOsX2B-R3Y{Plok)C82_43cYolpMaD<|n<4+mF5yJiwF$=ropHPdT
zXhx7ru<iI$L<8a@rdAxs5%u8QB1XbF3AfZxQ4rF(V-tqxoP?;hU#+6Rji<aQqH1x_
zn0N2^(=B9^z@<yapK`FitwH-!z$OUk9kHS^dRv%LKK6B6z_IuU^-7b-EX84@R=niW
zDXsATl-Yb*xF^d64Q<vel=QTgkmVFg$R=|dumazv5q5kMLM7s1$891H)37`V9b$Xf
z|F@9XGaT`aRX}nZ@(PpCY~Z;67SWJJ#9v@HB4ODkx^}7{X*9)Q=-AYw5&pL+|CH{6
zPBC_q+6&LJsgL&$a_Z``q<Z9dci5udxRz5N3JdA&CYB#&;n@?F%;U4w1SKq`$y;t4
zF_+@RM3~*b2->3l#F@tOYQd~zQJa*+J}gAbfHV;f0@tyiLP4LxopQZgEBseqpa1QD
z)U`CnZcNyp!vH?Z|J8P?jh#k@|J$xrcmKiv{b&4apd&KDu^S<=1JHzqii(sA8)!6h
z7;+fG=u@kAUYgL*!%;+RG;v(QD;yEa#UTM&Bz6%BuoJ=+GUmTCMr_VLQnaLTh$7+z
zE{+I57eotM6$%?0=wePd6_sdAiBCezI}3>*XwZNaHqele1XAV8jJN>_Svd;a!Uigp
zG$6PbQ>{@Dl8N(J*g*eg%aNB#=&N}D^sz_20x4AhnmO<$vFom)lme%2uy-am@ct{J
zp)UK1oQXs)slumPS19m~UP4A(${z6}fk}WZlEvmq^Z>(y3Sx}#YXZBlfsSd2jxUe;
zFgkY*+=M{VqJ9)o*Cipa5spR5oVWC+91DkuHRNmV;mDear6!LK1MVP2<N3OWWRlD3
z@oOXW313s&XO*!_#}yB=h=lwKVigt;%bCc#pzPT>^I^F$uP@emvNE26EdNY>(nLl1
zSJ|Z&c8di8Z!{z5`s!Q_{ewmdwFX_uMHLcMudmLVsHjGhd@su-Fu^L;%L<82{K&yB
z929I>gt7I#m0@MXa*JhE!*n9PWqcYTpAeha<$?jaYd2-z9UqTf!ca(jn}o)?a+bQx
zW`em#E*=w?BgBi0r(r>~J0-4n&a1E{ib8&7lWoCYkI>aMKkt0v1uz^0Wn)e_drrN8
z`r?74fA0e&D5`Ulz%3Tk6AGRQ&_z4hj8KF^GIdx4FH)rcXriKi!4;ov98l&&R5w?D
zCip0RrC4|dPK2kxN%O7vFUTpA@)rNrM8$f!(WsVd;_WF=;RP=Ng9%i%Vcwf4dA{bi
z3pi~GsOwl_H2m)Y{Mkgsmb<`9RxCW*m=P-^k(%{E?7Bnv0xP7No;wp_EiIRz)RBaB
zPu32W5%}=}Lau7kMBlyx928I%4I>;z0xm*`JQ7R)0o%jFzHNLdp<>LBb}{v-gkfa>
zwIhe|y^dl=_$CjDN4zl!k;hqhTNGZ&k3G^v6YMggTMtQu`Y|-16F?{C3_oYKW3QwB
zY@({!LY!Px8F|zu>U^mK?^BzU(SS1MaOC7=%P-Di|Kh6GIxq6Oq1gG@KEEDzZ#sN@
z3Sf`g{A|d2y5m+55Z~54z;0pc@Ft7EPg%?&>dA`g0RQ`ca7Z)CqCSZhG`x5GX=*lZ
zXT(Q@6An%<&W~CHjw1GHG~@J@`X$x10|X~p%2($WV8GvvQOWTUwmtq|%c8L#p@rkR
z$fwAq{*=f&q740YC;Zw_O9U|TJBesW-~sCREF##3r8Xzq@goxY*hSPQTL7B_W-}VQ
zoR^rBFft~n3<#EE#@l#siNW>783huC#FiuA6+lMD|1uA6OBX|Xi@(%)E6z2E)5Nd(
zuPZ%@isE#A<zyUaDu_ZPtR^Z#)nc|Y&Q|fq@UQ4B%`E(Dh<%%Sx`)3BG9v#nht2P^
zd$L51FSozE?Zs?KTqFhH-+3i9Fg?l-WT{`RC1_dVpZ{1d3fmOwIX&rmvb&La!J0e^
zN0kXiNA?&|U4!pMV~a>wYBy8=t+<;}G{X_p;Kzt>S&VFFG9e-7-59arknir0VAq2a
z<O2W;`}#;YkwN)kJrz2f?q*Oh7hGM}sab{1N+%q9J*)ZiDIgn+MM2PN(MWYs)E7&~
z!;XuvZHJtznMl?Jpzxa+b0V3ckNhZOA0$?CjbNh#q^6)pqlC|tN13xdV}gX#*+#MN
z^8Wa&@#%#_EJ&Zc-{?dE7nE#?I5RZo{7Oi@6ct)v9~PMdYP&SH$AmDA?GYb_Gmc?z
z2qt68q%n*{s;5&Bg%vAv99Ap^sHFCxZ2(H{Wr4HmY)1L31xK@FZcL!^(-&T?_}_V^
zuK1&%SczF!VKW?(7pAKclF7O$1IkT&D?4v1T`2wzU;(fJj%Ml-Ra3CQA-s3dV&+&g
zPCR4I<c^n`o(OqW$#R`?(%UT#^Ltb8>je(Q2r@4^L4j~MjrqHdsYkTLY5{tR4b5w|
z!YNZ6QVEqx{3SA=Vf5R6bw6QKuGD)KyZo^O>+$Z2Jj8@W3~tkN$8#d~zJT=GmNg|u
zENV5Spxz4NCMxb!y`uc!5l^to^_|_GBfh!-E#0JEt>!dpR1csPU^?Uzg@Ta6gGj$p
z;gRIJbb+My1!>k2SRT0XvBlYoXr`JIPF9d$SB&cNCSf29p!|}6)ftFJ`i-38g%ZI8
zZ|e9?lt9!ACYZYHgtHfC94KU$!)zP;GVetHt$}Igc}=n02j-G(tS;Kdnq}KaE!;-l
z(rx4~o}&Ez+zF`<;)pp89k{mCJiI*2jz2#Rsi&CJ4Svohu?sE5gNkqNFF{Bjm(O+i
z%D$kVmC57<`Zx(LEYmChfyI{Z{${08JE)gyyZhzcM!DA9uGRMwKK;cxQB=!B)ml3x
z&kp$|P<q6_Vr=}a<T-xD!;ff2aDZkcB%J#cq6l#oi=~eq+o{z(RQl*W@?VOX2TVlK
z*R$45>&wMpH2jK)Kj(wuWE9WwMWFU#ra`Cwq1zv>wh<E`nwi%WCo3^i9F5~ofj6<q
zgs;6r6LlESbzt>`Ol0n0XkxO|viVmucByqQo*44gC0Ifm9#+6%!GmW^Qr+r8#$Uf2
zDVVFTN{IAT5cp7h;UADq_}D>mBk0%H$Yo!%qBX_E4ni7Hi@Lx*jtSfqi_nQ8;`8B&
zNBfdPGlwN7?>cl<`>$p5VH_x^=2pADI{z1m`Pb~zLyou1QQZ=iz6yf8aG1gC89g>r
zPjRCY4qGiGXJ>w7F^O2qREO#9!TAtabRixF^2|9J1v?p(!JB)|bQWm_NPtM1aMlBj
ziAxuvBcNZ!M3kiN2}&b$ebv=tRT~CGe>S4NiMBHU{F(+W0D2NoJ9$HJWXWTM-gz+t
zzV9n%|6z3kY7b?#wy349wk;IKev4hp2g-z<gftFdx*3T$TM#ocSZSU-EjCb}MnpVw
zzG_%}-6gEATQIF(SsFqc2YBqbPUH~wmG=j*#)L1gO@feE;)Uz;w|n4XORVbG^+S=n
zmT#bBOc6!3YPHJ$b&Z`B#y)>M`_wOml*$L%TRGovw<OC4ZyjJA-e#D%x00(BjB`1W
zoT!t@hmpd<eD+DP`3(E0im=PXE>d$Z89v}t1WndLu4G;uA5HLFyr|5x_uTZL*pcti
zyJQ*|5FtJSjcyaBtnkZwRa-n(vf_Y*%wZ8s33X!+CQ?p=iG)0@Gdw5A*oz?Hbbvd<
z5imbaNRS=UAds?d%h+Umy;(e+5*CTA)b0+^hkb^|#J6T14)3>65W`{i;7)_CpV_sN
zUEuv`zNv)zoza)8)-C5RpJ~eZIWaUr)-5dLmL83LX<C8EW7L2L2wSp<cw5McB<&gV
z=K^y=Au$t=u&*o*0+(>^0J|`QoG?pK8DB1S9FgPen=5-L<<<6*md5y1801uT_o}tV
z2K-@Bk0Vjq**`d_?KBQ{p||xrL^H3M?Pq-LQ=ikzrjlOqg4N+R(ZBPCiqo;O^R4CI
zUf`05xJ!LMN(LVYD1UiLDMcQ2-9paPr=hxpq(oQWJA7CFG!-nM=cWn$pF{=>Zz6U6
z6fPOiS^}dEyOqZsX6d?k`mHR5{AQj^@kYe<h3_u;>KyBx+DxR3@Om4B&fIaylysPd
zT`WwUjAzy{4LL{Y@NKn~+{qC|eQFc_sNF)uWn=-ICJ5!uDYg%>i+ziTXYn=2AwWCU
z9Z04j<gnrZIlkq_HoOb7*Sea~`+cS~oG4lb1dcEKIRax84Z4um!cwJW#AibgIA>yl
zKn^p2Al)Qr<^h!Uaq>?-15E_)dZTWH!zt&^L{;%ueodd+0_5}PsmU%NXaTSadUDUH
zg+WOegamjLsdsfijwyr;-GQ(Wn^VV@l4<I5rZ|AjXf7I5R6W9!D|DD(tjBSLLWkWm
z6wpWrAl)T$ys-daqbS6aiDMxagu(=_oXl9~QK$k&qK;IB>9spEPDEP0ol<{la4o}J
z)}SOgV5B%rYGu?397Z_eFWMn!*jVzH(#j~+7@APpL}MxHLHxHS|E3jiX}GHhlqALp
z?kim=MgEvXIHRM*3s!O|wo7u7!_pXA_r$kL>J1=o1}QX)BQ;X$=go$YvzVf~0ku_=
zci2aCd`Fb{<|}+J-IHZgR4D;*{VEJg-V5Srj0PY}KG;y7gJv-fw$QmVCq6&ze5YN(
z7U6#lLOPb>8fT(vi?93;Nc%@(ZwVzB;kRxiSK$AkIww>yTo_6;rN$jm6cTvZp#|pz
z<6s&J(@bezSq9crV={6)LgPqU%&-~nH55#tLS0r7>}AS&BE4>4B>{GK+OUq40%|9k
zSmV1ZftNysNr{PB;Hx}NL|LnIE9NevBr#sUj-TcVp*p|TW(2#@Of*lP4x(IKIT8h^
zqQr;#JqYGE*m2{KQ=O2o8Fg)a3S?6OPBxXbN2+oY)#|c{PvHrPR418k2GoAb(CKJ2
z5HGpsIzdpSiQazurlo<!A}ZeqtGc`=wtUE;@82sfojU&8m$3l)D0sXVkOAV)hnF{h
zk>e2|Fr8!0g+~iQd=xEc8XA-OXLwEvRU7qfW#b)?&;bsGf8%_>x}NyP&c${WrmU`k
z?i8dXS!~mv*%7Mk3tM965ABHDPX5cb#5!z#a!;he{Rx{Q-NCDOg?tUJkZqqv3F+py
z5wL#->5}}`R*nRRPh$~8NZ36hE?&w`i|YAQPP&ee&1)nI0SCL;u`FheYp6Jx7Wd`N
zi-G}QUp+fH*h(F}Ch9+PZgk@p4$k)fpo5b?=AS<~8F+uf(aH4i-}~%j2lERK&x`Z3
z?(}T%y>jHRFa~#=!`Pk@WfCIT&upQxPJA727RG+b@M<u5HG5n!>@;#XFKVNtbCg0&
zGGf9y16ta~^IAQy4Pf(Hd1rGA*6yt^8m!D~{5ep2yS72Sw$kElg0OgCf$6Gr)ex_L
z!~Ln4?n&BI;+2;blJ5ikCv=b)=LOW30zawbh<!ZAj?2egMjZ$AzSu{2%%~ej1o^UQ
zh%i5I7V#rI73bW;kJm}-CMs4F{hhS5X-)b2)&(hL@=Pos1l};`@_R>3yB1J^wInZu
z2LPu#V64L%v21JcYTv0UsaL6lPAQ8txe~oU1Ax~S&vi9j>c#)6=Kb_*|E0}rQQsm#
z#475+Uh=gmq54+Ykk9i{AceFFHTfi0TZT>&OCb}dwKJXnvNr`|@DKr)CDa}K7<5xY
zA-pHAgllU7p%SW=;eVBC#^}@*K(wNaB_^jf>>s7&l5d?7I_sYg_~XncR%Cpt8{aGz
zPDFKi9k#>R8+RFtg*{@HSeP~>?cvoig8B$VvdY7iWVUG*2IzyqIvYn0h$WZmqT(fO
zC=l|>rKtfjNQEgxOXL*&^MRbBWa2l{Q$I`#qcTSE!`Fcoq9Y=Rz*}=Q-)^C|YM;N|
z;?&@+7RS9!)L2eNFBs7kFueS)Ud*Du3e{suW+XI%7H6-VsEiJmYE6{3*hw^fLc}jj
zR$Yp1G&W^pAY9<YL+xd~`?e59r`IQ)lzswaWiQF?Q%<y%+IFLs=y>=@7@E-q9|Cy{
zsI;zq)wvm(veKfSSi@@Bn4%v#k;8lmoG{OU%MiQnatmR`oT<;}v^!85w6wf22kNRA
z`Q$?fbb+jisP8VptAKX_LOaJo-GN*`PVZnOCMdmviT+$QTQlkm0&9s;caTUgZ)XJd
zw@aqj;wXAlS#gT3AdT$CL>>47l9jJyT_yGJtgs6ksPl-uz!f&4nay8<<A>8%A_(uy
zBOvhLJ2!gvm^W9a|D~n>84;#33vZ(0D2%lW!80(@?S*W+6v`L}#oAt7p2YnvR8yx?
zS;ws2APlY$;Z4UU4JKCJQ|<22mDC|Aoih#zr@&*!SGF|6L<@i-Do=f+VJP|##x7yX
zOhoU6sZi&`=}3$T4H<2U@;q~oO1oaT$lX_7lL}mNQ1v-Q_dZ?tD2T_dW1;gy1X>X{
zZ_6944dZKc*83=x8esS;)xV4*>WBu~lxPc19}yc{P-1Omg#M;1qmC@<m09eUJ?!Ht
zs20n2-XokZQs!O#)<_hSFI2~IG$Ve*S$*=GI9;!5$CztWzw;gibJ#F=!;66M2@F6l
z1~xgpk3gUJ(x?`BbDzwfu#V&qm_hEPiKMB{FjR)*F$yt<&9ph0GA4sq1zmqa2ZlkJ
zct9T{GiIu&4yv^(dZ%z}f`&;T!nwuBU5YDMx8N6ZVm~nnsR!`i%V(R6U!ZPQFe`UC
zV`d9Vl&A2CglUjw)%m&9F%pu12ohE~ZQ8Hizp_*{5ZX)77@)7Pj9<Y35h_V66%Uxu
zoMxlm*eTB^JL50=+mqUakX<4x@oQ${(nSeRry-f*h=$FbgWd9c->TQFgWYZWpl-{$
zQzvTfl<VcX{5#jjzFFI^Rm<~(@fT~mioetw2lz|F(q<M+I5`07TWQ-Qn=X7H7JQF*
zj_-J}r%s)%!@3CKChgXU&pCg686Le3LWsb>H+l|cGOOoMSIw=#lqxv^g>U@d)Ch9=
z@RxEO#rskc6=5$DQDJ_v+BA#GP`JhsTjP}WHB)<Sb&nx%n-bJZP-=cE;i3iIO3K8}
z+*074q^O?mR+*08I?)UiO*4o63+SfEoP^n<J|z)T3M^uycb&Oo2{l+`mEZF{4ZC1M
zB5S6mDTX*d@;R=jN9$|BT?WUDpm9j>y*89e48{agB=~H;)wj@BZ4+dXvSeSrf@!Jp
zEtgwV7`LfO?Fx~O^F##SMtwAKLKdm16^4?i<FlCG5o+#j3evABiR4)LJY#!KLOuj{
zSw>gtTFFN&A0<a)bKz%9%GGO)A`EVs+MZtuv=reAG)aqQrlkp;pto!H!CO9Vp?4(w
z9EBwD6W6EkLK(f}^hSM67qx9n-ZpNln}mUNp=>>lecM%BOUfYB!&CCr;7d)z)IW2C
z`i$|-#yKnOh6LM7W9X}w9$=d@1IHotx+1JoLS>AZkU<Bc(6N$-j*mT%0Es9$QU?rM
z{+=xPHt=KD<s%_p5Wxp_?*!oB?WbM8p`)@;n{rrvfIN&s9Fgg=$rsMIv2bexlZ{F2
zipibMf^aP7q6~(@7q_k9K%HVK0#2r6oV;3505JsQ=~z#J${D5c>8N*(0vv+1uCUn^
zefDs89|!1IMwAHU-HqO1KXMrMmL(5r=$I4X`+^c&T;auO<hcTbhLGBrDsTlDX$dQr
z=h_+`k%0Xt?77PNOW=Vt9#Y(0K(fR@AaJqckH}-B=N>K$90Vbq6NB%chLp~iXcGID
z)(8YnKwNlygIx}A?+_8Hq?vfNbZsH=oI7Lz?p!trQAJd4L0{O--ZCpaCU_MPO1Dki
z1WKsrk!VJ3*}i<os9!!~)E~NW7?7~-az@^QB_@32z)+W6>`%+Xi1S=U4ap~q7r-QP
zf*uYGtij_(;Hap-(5AeKv*WFYqH$vW!f)s%`n{wKHiOXdBlMPEpZ*k0T{_0DUJ~Rw
z;}C}qf1Qc=0-S3OX+XjVK8`7kSQO#_-O({Cm&<Rp1Xj9Pro2}LvEXAA0&Kxuv(z{f
zhZRv(a`JCEr~OvEBA;>LG`*Y>H!94O5ukYdyuByOzJeDSPNCG-NZ*qs_-E<}8*!*y
zRzo6bE&nbN!@g~R6^~e-KYo0;RfUiMy)C`vC`x_V7Gl(VnTh9p&Zvsw-;&{rS`<Pu
z=_CwTIwBT|jfz70r5$~X#?2#a-+Xk|#;naJ=FPWN;H3<J@8%MuN2+Y?`FlA8E8eT)
zHmcR?+cFXcRIsSe<bi~W!rm9V!3_JcM?%K}R|RZEBn02fx23mRayD!MLRc2@KZ&pA
z(_aGuy(8sm8NKyHm^&%&tkt(mcx=6WFNCBiKi*$8<;v6hg(=U}{+`&+i@PF&oKK}M
zHB~+=YKy`#6NE6~fIF$ya5rVVmRFc@Luinh2_QURmYw3VGks{%xh}@d>q4Kc#=e;l
z9C7ZVBC#oBn_3&m+p#3Si_NkYJw=RV1V*v8{Et#iQ9?PJP19Td)oo0l`gId)%%|{D
z7n^%!YX45BG=C}~P}5|nqNl*DNJlyWCSeOsWMC^KYPVhNc!|@kF)b-|ikLHyc${K3
zbJ{cv&<(JJ;;e`;mHdMdKc}3zG)y8d<%1B<z;w${K_wjDz@VH8V5CA*A>lFw?{O(q
zRKDl3=Kx1D-7{~tL=Q1`;bAPyL6n<|zPMmeqII+k<Ynh0DuqO=(*oL{aw>j<!_eD{
z06)Y;+{AA~;*-S+DA^tg`8!oua~Ng<sXhGFSg@~oD<+&hRFzfv7}KG25(^b2_fXO@
zuzmqi2A>?XwxS4*m=;(^E<+o7bjovr53Y%Jt0?_rRLn9fNth`b+pA87@L7gzN)V9D
z+aYo3LM^!CDc_7p3ReslRl{}^^A9#Dqn5317D3EK-;#S1JOZ|68Ou`~5-e^>;Ta&S
zgdt%8Uq|6~C0{u-<jbJY;YeP0%c#Sf@NVA)p+kYk|2?@!-}CX@@!J=R+gvztNW%l{
zFU>9gfip~;@uAwrKB8#qNU4bG93zil-|?sXdB(Sg*uYZTq+gG6CYQ*=OHnAf#e~23
z-{`16)ZwBw3=X1cup=(vZxpsA?I4&K!fYALh%Zk!uzF)+QIDhu1<uU(lE021A_84~
zGz+JqmDm&&3p4ABfWy$c<Z1aH@KCfz`R;4a&D?z=ABzHO@n*sk&hNm=|1SInl5t3X
z9wV4t-e3eYAuR%?Ux18s2t>iRfSVu@yLt<8{%T7z)n<?sse+EIGCCwIGJ;Y#Oy6Sv
zs-`Fo-M{5uUlrX@ASiic;aV!`4##dmTo|xN7?bhR0O4lVoQUb;ZM>O`37I?D^~Su4
zt)wU^TLh?=jxW=lz@J<Bu@YRM+t_u5h)|qK(Vg&dgYA%}5_;JUKP`Uf@*@l;<5ddM
zHP9qys)4=)Q&&vwNhNmBy@GBPLI^Sy5Y3oN7^5(T69w0yt1b$0Rj9pzEsvCGIMwk&
z_)bl_$*L-{gVV1_lqRBvJ(b!sCADW{^l)HaROIyJ3qr!JtEXz;$}JaBMB@;(yZ^g=
zq(c^h1jex6Gu#7!-2<hUjo!-5^|q|`59l0)`p%y!?jWK;$t82*CK^p~93?pwArhq~
zJcz@9GI*C85-jZpp7?>`z!}kd!&_H7{GhaFPj+%84kg*U@LZ4|l~IlYo>;}gVRfi~
zF*yfBp*W*@S9K#^COJjk#Ba;SYwE{*Nx;g0MUKVNhG^<!Cc-d<>=nVT$CpQ#uw>N>
zFvsQ8{&{h7luZEw*tt^#B~tnVmVVU2ZZc1x(Pl$u>c>HLoI;A%#zADw@aiN$>~HmF
z2|0EX72kY=WjErB!CSLfNO&O`ZB31+l|)^WW=|>rS{9m?3>0%F8OPC#hRzeLn-b9e
z+R1L2T_Dv*YSMGDNKO89O6;zG%_pyo{Uh4)mk?<_vmz~@`b&?-?26#5W$7Bz9&tvs
z49lQKJsjlP@+2-|{OU*?mokwi9Up~wQ4*Io2w-)f!>$?4Wt9gPl}a4CWRPWwh9Y(Y
z$0yD0qWOJbM9>rgG-as@PKo|q#iZPVNR$Y)Z8A=g+>Bz#tvI4r#HHA7ns(SJW4x{B
z8Dz~Tg#ZW4v`f*9lqT*HWI;6MJZebBltyK<7g#OM{Q5L1F{PT^k}D)LcL?x8Ri~gN
z>=|&MoZk%sm%rYyFurE-n30DVWP%Yt8F7&G%*R|3$f_uM1j(o-Y34^%D&_J(i1>Cu
z9ieIu2}eL#F$f<!g+G|Zh@KNpPrV*EPi~WlSP?PI(G9+6%^AbV7@o18G@{fRtbm9`
ztIvas?#f@=QRqyk5Wi}smQy!QV%X{swpqX`O08mQUky14Z=09aB;CyjPk$732zhJd
zM#(uw-ASKDgOIQ!OG=mtaHVj_1`<PNRH|CF>SeyGz*MzrwdbVDvQf-ZkapGr+Tn1_
zy)pu|%#3(C;KD+N`|vr<O*oc(=324RYC}uV0%DGv$-NVx(fJU~Nth77U((~f6O3GT
z!{IJd#2hKh^95(pmbxSA^FsiVArgi(l%B49d&`>!X8DSLX^S>lPZkYR3RpnhkDUmO
z$%KYdyO=QFB@YK$I)~md{@-3_bb4|0+wi>88E7Lnv3K9Ap}B+vBgZ4nLi&`y5Qxj1
z!}TN}WeX*UK@y_th3@`nKgQ`WV|ZP4F29Vrz0Sq;s9<hl707G5T1;kQI6M^|0V4Q}
zlwnBA1->@14>F5Ud!WtgNWw+es*T2$R6kL_q?FAGSZM>o(3k*Wri}Rfst|!?6S}K3
zv?(cx9J;)e<f|~Gp1I7%b25y5UzkR(af3$zwKH9+aj8(mptXUdITA`hZS>9vk*OJv
zwCP+lbJ%;(T&1j|1VG)T2<<L{K06p@3C2U?NNdzMjw!2iPE~Y7B92a=0%tJvE(s>|
z&niUD`z_<vbC}je{SDQs^@gH&jLk+?Ak6OgD(W^9>e?W=(Zh!|l+R;u3>25C>%!fM
zY|Lh3iXj<~03tx-#UxG1eTpduG=mE<mlvjy5gb~=RnXiFKoJscq+`U0OqTgVMHt)C
zQY@kVbbM)BYj)=_y^YMcM5e#mTPA`t1uA~Gp?_+fp9@=mz}N9Xw4u9X38yD&B=IG4
z+%61eHxq3}R(?KO3wli;7WBGcEJ(+QS5_^i0w;SA-^nPJ`G-)vLK6LnXuZOsBeb!R
zBjJM3R7Qvq-j5QIFprS3Lm{Hm3UTnsBha+7MB@!z2pb?FWRRQ;UwlY(g~nv&fO1nh
zZ%mw!EU@dARcqC?k+W*-(rKk$tsPXVwMuobvLNFbrS~P(mQ^;AeoD{}D{*GMBx|yg
z=(dD~sRz+bWv{ApP9&OWB=`;|G9&3uDVQdvC#K?)g@|P*%y#%R#-UE}kYre)zC1sM
zuEHZk%YIf;;zc3>7Iah+E7Po%tJ3C_H^JeQuWYeY;?$Nuj=p`%bK^B)+o12?;Sp5|
za5Uq;NiCn6r-~?zLzn-OGuGmN6cT<f6~tCth$b^BMOtYFP<_;VWPM-qksFG?F}TPS
zh}s$u+jYS~u2_SZYAkC;?ASGJi}WX{XDR-mPhN@%tO#p+2nFI(n^ZRVe;MKQoQ5f9
zK_g-fzX?P`PjKqI(NH!@UhKaLC4OupR>Hnril{5)Ui@f8xFl7z+ILWwKZ~ycCJ_S&
zYv2(HJ;#T#lMq{EU^-y)rq7i(Q+CBOV%ApjcNKctD3Ws10gh&`gP`(w<iN-TGHOjA
z_9a-$a|RkLf#tVkrOwHmgd8$PpylEhh>Mvp{RfL!nfid*46!(zJ98s_5=5rKQ|ZC^
zldH~`TlHNELP9*yK~@SVCo(<ynnLrdv{`ePIqoYW#89ffNLjMZ^K7*(wb#UVdZy{x
zh)%h}tyfRlf`<2;6NXQ+FIG|D8Hp+zf~1$25a=0>wKC}{Q}RY|PD`OFnkJ$^fu0PC
zmZL9{CC@mP>j>tPOrj!w3Z&VshXYMN)dI?}Qc0I<0d<YAssa=EEu}e;&`jbiZx=yC
z8FNb^v7JzP+otLW&NybIlsK`y8uZ^vDdPX_o6b+Bvj~-y(L@oI(f990{S9;k&LsR+
zXJ9l5aVLeJJ-m+~|1Jr|o9&<0;jSXSqg>DZT0?p6CvMv1`+eAbFS`BL4xVdlL;z6h
z^lS(K@)!}H|IU&y04op#Wry#1kpNV+bfC8UNCLb``najk#1<zMP2^7<|8Y&#$YmvL
z!6h6?zrmb2`rB`)R<7-*k{cK%YO+7WGDk<2o;bv{RRvABWG_QP)({NIb=IquYNJxE
zR~!$Fc_C#$DWV`1R=wiDDLH=0Fm2+vRyLAA&`=#FqeLeq?3c_lzp;XynlX)~3ZE<u
zdRAhy;4z&Oo%tl~Cmj-Lq%UsF%=+rDU>T!&w9@AGI-)k%JE{XG9}+TMY6h-q0ws_K
zNoKf0N#q5U5J<#1#EdButO7DvO#aq_h|(*4jLwHSdgLgh@J+0ObcUL8Dl?rv?;On(
z?^#;Y0PX@hiDaZ|<)sF$IU?OhvJd%#)#Z%64USRpUI;>Gjw6ypV1#WQfy1+eH6;;J
z?-wD{0Kmg`4;r<kj1PxP9c~le*Devzq_1J(%om5QxWlB4a8i<;LJc`}Wsz0I=!U$1
z^c+lRxWJ*EIKZYaAo7SZPmbK1=D&cpzKVQi$YdTRd^H{X2Nirh6?~Z_X%nH6iuABT
zoYEvHauY@@k3g)4^E{o%Z>PLImo$DG5-ks-KEy%b1VNcyn~vA=?C7{i8{jeO_zs)t
zBM*Uhw{(iO302W7WX9ow;C?KY@Wo(VSe{Zk71$XoULt(LNrqX@;*t70hn>yVUqd=d
zrF6|dz|y4Q=v&86-#F=7FR(x9%CBL9a+>j-4`uupGoA+V+02<lD5No1wZgwSQ%P59
zuAj^+UgM=<iAt{?j;OxMA|$~Jm`sia#ze%ALPr?v4ycVPB(f@SR%9x~mg`_f)>xeX
zXapo|+a=i{r$qeaOCqZT{R#0O|FwigpW+2<A|b67oS=zR3YMK}c}IECEBa#O>M0>c
zJp!g1nsLw|s^#j-?I9k3$wPF+Ej<VUFo_xRNEA926aI(tquLpXHNzI4a-mO1nkuJi
zD#QP+^M97m)WoZ>xrWF!0lE?`jhQ{FC`2Ch9U<vjzdu`vfICU138PR3>M2+<W^uuI
zh4n;90_Z$vhjU&TtN74~ZbDctM^t8XR>3|bNX={JbeB;nXho}F|IEpd7qS)NfEeqD
z<fpC-W7tHyRXwjVKe&FetM|CJ$cPPN-IcXYFap88YO{(I=O!ga34<-r>d012l(X!>
z8IX`9$26&<k7@F$B3$;fqDYrOXu&TKI;A2(bBw=EWda3I#mOku4k$x1{;_Jia}bKo
z7<(%WF_>x?BUinOfGvW~$xrabd?UQPJChT7#W658rvl2qvtP0|GkvA@W{@f~(y0}-
zh1?Z^5wxW(xGB_Qz>_d#4*(m0Q!|qQT?9nrki>CBJse5REVgYm;i2fj@u!mdqX}7P
zzi5+R1+G(Czthl}I-uSX2jq^9|NsB@|6|E@y#Xt)q6BKr^~;yYgA`g4!7q1o`~^5a
zz(VO&dVD~RKcRnUtET_jkR$zK@G{2WjUCj3v-SF!cl;?~%HIRYqj{A9T|h{%X#;9Y
zVw86ibR%u1egf4|Pa6LktE!e7y~LKic8_Y5;E0)9bYm?66-i9<=^;v4E&L=Ye1W0~
zovRFIDNQ0&_SYnLyYYI8glB=WVp$}flQZIaS_WAV{?02#!LSiOkmWF<VIF&TIvNdz
z;1&W&m#Lr1A!2BE#Y(MQsr@ycW-9u^3^T--t9yW!D#<Cw?d+Zz>BrUbtiU!h1pl#a
zAWN`LLw|SAN)yK=YkD=i(k|Sf0{<}77Q<V}nHXvMO}}i}9w&`>XL-mCB(Og)7i$rG
zxj!)}uvcJ8v^zC4mHSgv?a`QT>y&N)+<7xQ$zch3FcrZ3sc8gzN+pWIYCp<MCyLb>
zjRt6-EsvD>f#fS>%u@)nLRF$Y00U{1WX`Q{F497!qEd^DW0@e%U=bzW>oU(Oh}~-m
zKH#=TC)p9}r4<f-X+s%R%UDu1juZfqQ4ma6U}|s>5F941a!RM3I@e|WJmMgf+nxkl
zzPo47^_rVYyNQa)9!MG=Vn%iwi1-%e+|dUGL%Ls;lP}6Z$)Y}l*a1Q}7R@2Oo=E=|
zV2F4mb8zWhss<+d>xk|Y^=b={$Q+<_EK+V@Nnd|MZ;*vEm4BC|1*ObEm3Vt|@3Pfu
zwYvO2hx|XS%T^zIH!-feu~qK}=U#t4=5=oCVP#zV+-kLsTcdXSa8O+wO+S73u=sR%
z*y=naP+POkVe9g`b=d88b}z^62h8U5bXX0Bi%$>3xxKV|?Zbm;^QJ#p%#OQ`6Ss(a
zHo4egLsB1-@!2?9oKDZJtEbxM1nRUG-A*rt$F{pYz8yZb_U7Sj{k(IuQ=e_#eLVj(
zyq$l3ijU&i{_NAm{*G6xI`_xBmsgwi$Z6b#xVo5ikB{aL+rcAAppN{`@Ug@Cn@98U
z=ic^RYx{xSU7ig|ci0b(?k=ha2lm6|{50^}er?}f-tV0?Mz?4C?BeorT<i4ePe-ju
z>tguOsyrr8FXKVy*xhR!xt}(7j=J}|ox^$H-Og}tIRE%``?=LVX;s;$2VC3Pvmf>@
zs;vhvK0m2+x;vfw)6VFk(GH`-+s);<wM?Ma?d$f(i(YH<ZnJ;as~z5jm-nAKJM(Bb
z>0j)+$Dgh4aQT7m1fyfuYVE~Q_4u*wf8IZtosRtNdOIMui@x>w(63Fe5~#uFn`rmw
z@#f}!Hfr7X&SzJR@Vve_={l9#?G>wUf4(?B`4BCS`tzex|8jZcTz2T$$@0K&MYGmE
z?w{gqYhoYQs`JAH>QOkZ9n7QP_|yyLA3B{`a9{5nUL7|kBWJhKIF4s=y-V!fT5Z4O
z;=#N_@TR|e(wHAUZSG&)#y4&6^WFLN=H6`IO`x7Gw=1{y^?-KIcgXGDho{ZiaFbn)
zj-Mv+LA$YU_wFxGxAE>|dold9>BST0segQMT|d|l5B5j?r{(5ga&-2gI%d&H0(CIk
zT@G#^_m56Kez-hbgtObT+mGGdv&H8l(%$JWH{Jc9He3cHuXPu6@$hzgN;W@Ct@GX6
zD5_oU%&u>0`0i$LGrV>TT#qZq*qVKK7(6V`&yGKjPVV~Qqwn=U1=0SXX78Mh=4TUc
z67K8_<I3Q`-@CV#x53_1&l=Y+cYOC_)QE2B^y2iqn?SvI>fC;4V{3doxjF4@4gx#0
z=Ixu$y`!gNI_*B}bRJGd7oSNzpo8G>rn6aF9(a?T&C$n0GF|SRj_CRA+?#l3{n14N
zwckF95AUYutRC5m`m#6h8lO7h&fdW9ecYLzjN03i`e$eMvE4m8YG1YO%L8_EcyZUg
z9AC7b9*;lX-*iW`df56rYa280>1nsNh_<ioeNw4B%|70?@7rv6v)TRJetaA}%{s^S
z=GF1d-EFn+9n9Fcemrf>?mxEg*vZw!l)B{86n{RuonPYCG=X}(JbdbTAC3keMy`8!
zy6kM9ENf(T*gqLeJBRJrq_$T%=xyHZ2bNd6@Z4TwyJ1DQmyL(py{qe;-AZNoP-FD?
zQ*~s}fk|8^PIVjadb|6RPx0+8+xyt*eAwB)blBPLRcqcE2aC8umJbuQH(-~WPs8ci
z>GHlFUL5RnAMIY$=?us9ldG5-GjPZ@Tc>^d)A6X~Y@Qt6E)MK@XZmni?FI8{rLsFd
z>{O1&4SR3AH`&>Zulv5=+4GM5yA$u^vcK7zw|DEoWHFhajYbL7&i$z7d_K6p>m3{i
z;pq7G<EU}%U2K0G%?Udpot-MXIrud2_G%v+NA1gn)%eiapD*LZU6t+9UcYtSYTwq|
z?)AatWde0sjjjTGT#KGqqu;1s?mW5G(bMhYxZS>MMeXf)_i?gm?f2RzVYqkn)Sr2c
z`uWABb2`F}-r{59@nH91ufDxQoz`^%)wz5ab}O^x@y_x*xLq_zw7j0P$9kn&sV?s0
z(RJ;ZK8??5`}VAJYYm2bm)P!wS6AKP<LRXOiH^JEa{08~2+7o-15xc^c)4x2uMduP
zTc_vKkGuB|uKU>dSe^LC4}0g)q`x<5)t%_JzB}K%Z;k4g$Dg+!KF_-SlL?))?{FpP
zj@q@j-!g9)c7{hi>vFeRy$|myOP@aaccV?eHucEEXojubO3&H;<ld002tRh~UH^Q)
z{y9F{TvY7Ir-O@Nz}V&8a{JM_#0k{9L5zF1AFm#tDr|VbmKXHo=5+7l;o?Jh8(dm}
zHKR|rXHlbid9!oG+_QVjwZeVeuD4Fyr}(TlvOCkK8hN;>Zk{Gk$E}Yi2d7u3{YsUb
zjr>{#Zt+g*@MaqKN3ES!t95ku)NZ#LY%!glJ+)?6Cl5D|r;XFm`KQ6jMI(GVwb}!6
za`eGZpgxXT{ln?~!|dKUIapK=TbJy(b<{qbjymVP*8NGVcHKFg_1d56oyX2m>*8?Q
zzd3A8dx!Od*giR4;@f@w-8cm;t9Q74HMcxoYya{1s5KNVX|G)m+_4u0W4~Yh{IOr{
zUEME^7oU!9E-#Oc4i6tb-|mF?cIU}Hxp}hNJAp9+-sgGms=7E?d^-C;KX+$ytKYi3
zKRll90Hn*)E7#h-jPdP`H-2i7<3;uHV$@mmj;4?OQFo_5y20|BadY>MEM3~`o*ecr
z*`j?3_?&bWXLp}Qoy%UU0W;BVEl$Vvo$9BLXTkU>`F^-qoZ2S`#?8%Zjh{N#y~D0(
zIbED<9%~!$d^{PoK8jiC^*Sf%SvmLI__MeFcsgp0jd?Xzs(snHJ@PrEtCpH8n4xa>
zuzQzX)y{FNb<u8J?zeb(d-|bmaBr8LR<-`Hy;DCMou16EE_#Qv;pu!h-<<pOVs!Lj
zIC`q%^Gm-PeG0o*4_9<^e?0MecOT=~{o?ar=(mIU^+~^Vwz){4o`q4xe(2Fp*LUs1
z`@5xkRCze{{Ez*e&SF@zdehp`-E4Pf>g=4Iogbg=k-kNTEUZ*pXPcu1>0-BbcQzbs
zN85wr1nR-{yk47nyN|ZFck1^)?C#zM*ViA<k47JGmsRc}JiYl;8=qg$1KPPE=lzC1
zs<%JgK1D%qZnu}6qwA+>$37Z+;UIx}yyJhk9(>rDg~t!Hc4X~@*WJcvHap)w59Zqk
z`?&Ww-}UR*zMRMBo152Hz0UaK$HUp<ML60G+tH_|v30dGxnB$qjJv?zJ`5W>ZF+lg
z8PaO~tVIHPUF}_d__VY6c-c67IJn%44i64ni|$eDvUS*NRZrT(hm&D<ynS@pIczVk
zTdhX-uyxro?ybh7wdoD#AMV2sho{qn%2RNEJN<m^Tm+3y|E%ropEe?bD}#2gv3)S#
zT~_WVccTiuzo7TW^N;)e9gJ%i!>9TU3k~|}?cd*Zt=*Z^+8cj(8tuB{YG-+OJ)9jM
zf8M$CPHqN`;a+7ncaG-M!<}X4^6_F2#NNGqHQ1?bfATvgcNKatz)#N3%y@0|7Qxly
zBYvVbJ_s8-_YarB@?`TP?KOhK&0~A}?5Srpj;~K1CpUw~v+Ks)IbQf@XU^yC`GYfD
z;=}5v<@NbyC#)Iw)^6W_h^`vb&f#(O^NoAy-7l@<`B9_Ou8-;9ps{VAKlHEXG}vrh
zZ4Z03%U*AHuoLe)qmR+4UAgHudW+t2SzAQZ;4)^PT2B{8w00Kl90b<G!-umDX4Q7Z
zJwEFkZcoBRqwDn_cP4%J?9)Z?xar(YF4=*%eb6TJqlfBmg#tu+Z)T!K8WLKmGrIHL
zpd_<vP<xcfwX&|5D^{f1r$yQ08F`;Xx?YiKT*&f-TDqVET(E)2=o_jo6I1MCVF|k4
z2``gcR+%=g<g_rd+~=jJmwjjrjCPv=6`nBHfe_$El4k=iVeXjN%>DrcquBQ$#*D;q
z1b;WpSx=k=b-Jn~o{}=2l{H{QMmMcNS4iSjNNC}q<}gUmm#AN*bD>O%Dbn|81VTOo
zzp(3Cy6-E3ZQXG#)w72mp{YfE6(jN44k3W(<CV0C9f<5b!zgT`;&#2LA<K|dD&43E
zN|U%TrP6cJScUMFp4=|MK8gc`edO3Kf!N9-xv22b^JyX_RaWK@VJajLyP5i{vpmfB
zZYtAz5tmcijua3S9@9|dX>X$4ByfE{-y_QyipWo7#13?E>{~NH%{TR(X25`7m{T?l
zSh-_snS2n-_%(teapENXqowYWf6-3dg_Lu6)_?mo;L?8EN<LkYSs4UfG^BVVJk7X;
zi#~*95uU;hYwVZjyF0`hf2r>@top%zsirrbcKbrom_bqzDqYzXwS<oOQj1zg4!8h<
z+n>Tw<K|PFTr)f+J!*3*+P}E!wa#^ytso#q;Gaatspmxpc#w6}awU!(dBS;W>QeMX
ztI*EcH{Fn|LsoPzpg!@Hs9h-p^k7n260vF)^}N_uF4}VkqXii=YTb(ng8Gj{Nh0R7
zt!YG3B4$M9l9FzEX@}tCbEZ|YbcrWi%%Dw@&HcH`pz$uG^1NpUoNQHjmnwTVB+Xx>
zIZa<1!(@=W(i$u5x>QctJ4FiNN;?Nvt@ni$Pp+&ZKR90%cWQM{1#D5CSNvnoDQdHB
z63mE4LhKGB8tU_y4lwY?prv!wazX-}5_u$63*6y~7LHIQ@`8%UguE<@8hNQTp&&0s
zA*zb9)ufT|nZ@99Y^FRG1=)0vHNjteqA>)QQ--}FmWB?;4@nb5HpYmE&{!DxWTDTH
zw6%gD_He+|c~Cn_&>*Q;2KUDTl2PyZ(UYOnlMQ0Tf8``y#}jJVp2L`o{=&ChOWYEM
z5?F<hR{`{hodz+KHUL{XY%vhq1Xl}8&A=mGI^fwlu8NG%FESdjR8%wYw1UtK!giUZ
z{d3DnOmY!(QTw0Lj1`093lkGR54jb%augy*1&f^sxM$@$1KuN(SItMckg@<Vs%Lrx
z9dHUOCXT4AKVU5Dn{2FXTkxDBy_n|aMP!zc06bfV-Ah<i;hM{dGDMF9Py^+QEjV@+
zoM#L5$()2+=)yl1XG+}dSBjtEHxI8NsJKkrryTEP8VGR`W<-R6PpDn?8Nv84fLLzm
z6{BN5N=99RF5)PNRazn$XJJO%U=q6`lBGybmt<}um<fx=4Tw_dc+xgQvvIr!3Q!>!
zF}?>cV1k(=Tt`EhXq6*&g%=!sGe-eG=^PK4t`2f7P&f8e<_^<U0K)Mmc{$9xXG5oj
zik1O^)oUg(p0-fO3!>$b6K<i7qLDYy%@#OS3~)5tLj4KbLW7(37BXVywvFft1mP$O
zow4A0We`lM@YJ~)RESTA0FUPwf$_FP8;iiO1=E%=H*BzBU@T(=M<F39Rxk^#iiaJ)
za);-*Lc?jrVwf|dPnyY*7K&zyJvp(3Rr9T+ME+)ks1iY4&3IWGX2dMPj(AJ)!P6CB
zvB0lX1m5(PI0!1)dJ4Q+pBEZKA__aHChtMxB3JOztNapJReNsM7I88-Ysi|2KeBE^
zCxWagI*P5h_J__B;dkAMBMX?gehs61Zz;dQW=Nr`_Mc$`YoO>l<4TIIJvR>CHc+4x
z{Ql&nX1=bWLN%CEie&i2mPoSJM8(=cy<9EV%hh74!t+=wbOtwVwS`>lcxrlrx%C2;
zNsT-#75G%NYxyRS-2HA<BfPE;X0|q698yICYL^xc#4pnEbRez=<D@?ncgNh(aXDnf
zBE@?6Y4W|64st#fcnGnF|2RE7TKd>?ETC{dL=gXn62gj}VMP*e)dxuj(L39)HCA)>
zUOq34#ZfQx4P%m3(2&&rOp0GcNH=t+xzMs?GfNLQva6d9C6`$Kx#Vv{Z?jyKev~L~
zp#JeN7gGN}fw*m;b<6!CwaX&)XAl_ln&@Am`T(jEe}02=;#3Y=qf?2ujN?^_Sy%zz
zjLKMs*)Ek3nB0k{fwU$hIeqKM^qrONKqzMPMs+eq5i@c_k@oCbYTLlxr_zW0Vab4z
zCg&vxFeqrcmeu@lun{C;t0M>@gH-SmRz{siA)zo^NIX)4n<kpq5-VE~zEdQdgj7Pp
zdKMx}8G)E09D@8th5OVDT{w-w%Mh&Mlyh7bW<kZlDZcr}-!E}Q!ZLq9dD!}njBh$3
zt$2l{k&qVX95o#^NlB)BH<0>>BTAV6Hc}!Lf&xZjo1)R^li{ggI!BqcqDX59(o;}C
z9KuS}VVR}rQK!|PD4}gcrL?wS1gvV~Kn4ReWLx|xI>wBs0R~iM6_Cglv%Xy5=|E+u
zIDQu)Y(>soym>>yU%as&Ic_S>JFyKUl^lJB^~y2Fw^Tw$NU%c!wBYARrI@0=NMY>Q
zF6oK(O;jzYOk)Ivcp>7*L(~$EU~AAt7a)L6=bRPXgM9r%%w~9^C-H1_c7Avnmw)2U
z-T=`FgvKpJv?Q1ua6eOTSC)eM`rs`Pp(hidCl$Hnxp@F4iiA^w9N!e{DkntVE~RAS
zaMK@kwl352a;}ol+&jMAltgty`7~<ZHZvBG{wRrG@t!P;`Xi@+!o#GAik*iTyJne+
zsR;ij`!kg{-JA*G*9=KDVe~R(6O<)#Bk4i!_%p&Uemf;<VC7Y5M-hM(5e-pMWsWS$
zS?uwmB)UtgT#0>!7-k^@<V$Y`5WfIsVxe>hnIxaC!q1r??2GKds$ohxk`DL|u6@un
ziRP$uWYh;iyeR&(ihhdVjPezG*iYoqV+fhz08}fZDXb+rs8%`#MJlY2xW}_jr&@v~
zco9<%OF|;DO4>5C09Im9ndtGJER)2JA@S(kr0*~%MtnWl(vTgPr3pKfQjesQzvcwM
zMy0$P#CCjjU=l5r-0Y^(NrZk&%0P`|HrDa5MNQ%Rx&%L$GE=;zx()S-GW8f*gP#rG
zrqKXqK$*WuB>&n1L56RG;A@Fth6>-N+2oX<Ki#;N*Rp=%r1NLaj4S~l0~ePaMCZ|B
zXTvl>W<lCAZWkRBDXE158pI-|?s%yZpL#-4No*N4MV&tK2x$v+s#4(*M3PgNBv_VW
zO|w@W+kToCQbT%iNN>-UV3!Oo`Gu@L(j6;BwN^qn83f@zqqP>8XOsV=rc>wsF+2Is
zOx%;AZ+~amdpg;Pfg!5Cyx5JLzzi@diOaDPXQUS{9Y9*pR1t1|D>sUR_UB+kn)0k<
zHOR{sBlguVNsY77=DWxU?eToBoM0KvsGr_R#^tEOctEE67dCZvCkr-KZ`&l{sOYmP
zvlAK7n?->^r}$P#0)1qQrMpzivV^adtd~?s7CA-h)^(Q<eud(8x=<7LB7b&P*bJ4d
zV!8^}%FRqc6fHX|23q=O9r0J>UWQi^WWNoX*+#YM6`!rwThZ6%)CKLbfLMF3iUwAz
z)*BpJVFPsqt0IyZ$pZj4_*b|Sz9L3JatOygo32vU7e+54!cifkicc=_Lh`Fnbt;vz
zhv&p^N-eN@G{HylE!R%MDBnOWUmp%SF*Td3YDd*1hk4)?3nuH3!#F6>U}C{nGBA;h
zgz$APB*!E(Ho0ln56-NRgQ!`&9#ylJHk6SX`utO{k=_09!F(?Z?b`-AB_g^e5N4d=
z=s4kE1$av?HK&~2Ua6}TOugQTL`G`a#Cw>}FvKM<Z2ZtREXx2uTH>vq4TX)w-Y2sk
z6VAurJYg{9m8y*J_04|P@g8;B{Bj`+OYQm)5^I%U?4_Dq!G!)^U!5ne^*C_KW_<{A
zBvxw;26Cx#>*(DAJGWGC8h&A^<5#LDB`+PqpFD`KIE<^i{6`OE&cPHviSZrsmL+%q
zik2l^va(e5pIE9wz~A>Q;+K2YI@qvnz?!WU!e5g0aNj^J<Y7Ms;|i5?Y@lFANJ{EC
zGX*(2p~;oVw8@ZxM0wTFxI0mAUr^j6Uac~Js_s{szDPBPV&}njPYq3)8S8-cQi37|
zB~#J?g3>5h`Qh6*!a3uSHc6<hHJ~Q4t2%>!H9!4LHIPXmilt&+n__WG6A&g73krpc
zu&ZVcm6o6YjI;DYQ1H&6WbZ{jPUy#vU3UxlbfqsKTgYKrxEyUEYep$k=S07(RKFxd
z@1{W=Q6IH#hg(VP4-wLAi+@G`41unO5w`B%YssseI8%K_<T{vWHS^>M>FTRNt3=+u
zMCP5;byrMJN1{w>hLA^X5GHFqQ4<wYdZMD)kU3A<^he?jdZXh0iSwg@#O0`^9<LP4
ztrFjKf=SZSKb2=%Y)Ba~8cbKHF9sq_S$X*oiWAmYX*_P)rGBf|Nz3!}-WFS1oKn49
z@fg%vd^Q!sJcBHlGMh9L6`F=D<z+jJB&jonU|NbnBvJ#I%2sATgibj?@rwyBs|3$L
z&h0KyR|#q+jVo2`?^U9x@(c2%@0*nqaY`XCf^%L_%ElJ|?+#GLd9A!FBUG-2xqG_?
zz}^cnErk{+g=I^Nbqi@3ZypQ)p)~m*P&X71Qt&4jr!kFYz^N#0xd@et-a)A>P+49o
z>HHn<QLBGcxww)tI*<nN8(RcXMBM=ju`f)Ceeq3k3<#O33tg;`e3zuP;S^5d^xi~X
z{Hos3${v{7OkW`r$BjS&G{#KmDF(`nU50)Fy96WshrkG8anp&mmcJ)URuMemdl@<<
z=?tzlh#V^<0az+RbI~kFo+vN6)N8vnEINOtcilLH1IHo==^f;y@|N;fxL?<-94Dn}
zg~bLC_nlsTi7tqKl?lii)V7dQCgm+u+pCvrd*y1mTB+?qS5DCG9$lFmMu*1h4mbfT
zg(|sSN(!hq5OfWJPHb~S@_}&@o=!}q5U7=_m3pI4*x(OZh`Ogjy`ihaRvU#><>DPX
zU{=Bk;TT(*?5NzjqH<!-9cuokAQPUFv~Sj}p>xo|T4ZQFEQA_{--lXmaO+vkhhGp>
zQl;cqBrPK&$r0^1oV^;Rs;S3}Oe$m`v1UM8{b#zGWnelC41AMJD;Z5}p0`>CgyF(4
zUP=xiiJ)tzXuFCix{|ynhf7I!vz}pD5s0~I4rT=o)XH(DF|sCPCJ7A0!FF6*e&u>*
zWLLJ8avsbquhI!+I(u$ejT^B$0aIYknu5d_YJfNwvUFmxVh%Hs=){^IRgwP909?6_
ziMbg5Sqq-m+0QTg8fa@4zm+%8*RQ+4Xhy7ixwiZi1tGCu;-xf$(;hx+1&dcalI6fa
zi1UgU+Bh8?TY&9wgpO$?)?8o|CLCc=Ie;(|P}gP#l?|w!&XSXn{v<J!W8aCutAZsG
z8DKAn6-R0_K_oX`6N0@-9;SWKA6<11uSebfN!hatyb>>O$~Uia)tH3XBb;}FbsJ;Q
z#Eo%s%^hMkgDkBcOyx+n8$#YN^zN`V8j8G%sr;tWi$}V}rF_kl-UP6P!=O+oC^>{m
zZd%m&q>5>{`N>UR0oibp<Abd5|D<5&xyG%9CnSKia;;Xb77Ks*ANZr>Kw7_1>0gXG
z!*cW({jxr))oOLO(SU!e)oS+Ny`4t&FSW+*cD>Q4?baH9sn#0XjlI91>Mz6KnV*<N
zIQ&cX5BHTF+<%jwZ{JGjO(0TqG=IxW&$g1u<997>DHc)b`}YFCh(nhHke_O0bRyC`
zgy?O4+BZm_URKH2(f99f!A()enB!NU^d)Xe4{R%Pfi$90B5cghw4;kfsvT5vBE;ra
z<rQgpP|4E5wNeRzupgZE!q``-Xe)_)xRRF)9{uw_BVx@cOpP<i8@|fBprZcknS8!_
z<g)af|AvCl@uMUgUh!4EsWn%yh|9<`fPWsYZ=>(u3-vO(ahMbF)dJ{dx1#(+CPFiU
zA#mC}hi1uMkcPQZ8^hA^G-t$hn`#zyz{_Hv+7MkbcL<W994!MPk}{D;$PU}TIO=>E
zTwINQd-G0hzA1@*V((FO$EY9RX!cw2TbTvKD)S!LzgPdG>`T<X7u6exy(V|m`wX7l
zK?X}m@Arpsbt2*cnk>Rm3_2aY+yuVKKfV{=KeKPsfhYx!^}+^zBS+MHqnDug6Z`db
zV8r%Ba9YjHnRJrcN#_*XhuFowMZ(wZCVrhZQ8xkukO<!s8H`$)p(<|Lgv=lDQrMw_
zO{;9QNK3pHI8uphVR1NDV;qyW=5Ao~pP`wH*X+c%$xa-0u5P;RoXz-C-M@-dmy#;q
zzQO;6tmd8L+vE|ced`*Nt7sOgzDM7`^Sep>Bep`3|NmES=wxD=&utorVfzys{SSfv
z!2{41V#@BIh+f+M&tGUiF^{!6h|S8iKVugE2=H}tm~bsWy!-iqD#>J3l5=_SG`uFg
zZu2#j%uyM?7PiaioQl{o%HB~iJRpk%!}*$s;Ve|Np?EaEk^?L>%7z(?=@#vJ02Rm4
zjE2sWP;w~i<ibuFU9)UTePz9-GV70*D9Q6ApWs6)bb<(&2w+uZP9kZy?UF6T2thWr
zVr}f$G!{7DC=D=`Dt#lXQLgQNE`U7OJDYfv6$-~RM4rkc5PDMC<7=v~rhxi}taM8-
zQO&~I1WSy%G01-uY9;EIwAq17y0oTuJf?B<{M@e~kWS=sN34id?kvo#3a2|lz+<C#
z<RO>m<j?kU^3+el;mCiB?_X*v#TJJ6f!_rMaaXq~WS0-6I8Ub<5aI&Z`awuaGF1&x
z0hd^cV&?M7&|o05-K_Q}wCKFguj#s9Wq1M=Nkau}(qvgB$Vr{n4DHP^Wyo^j8^8KT
zLPQANwyyf!{)wT^6~>;@a=`wlfBGljY($1Y%4C*8P$q*&4519f#7xC_Gz8QJ5v`77
zRYuSJm=J&EsEt+luYTXZ^s_4e`7$Fe-z()PaDPo7&&z*yck7MqjQnS(-q`tv{O3R8
z=i9f+U(ww0nxN?5cV4s%$ZsB>7HdYD=&uzZ5|zIeI*)<6*-Z@w$Un*jS+Asg>QkIe
zA}3O!qjDRXfy_WrC|*;W1OASpF!n99yA8iO-Y}kUrmI*grWmi1Aa!Z{KvVHr1fg;Q
z6xhNED*i84`d_T5Oe|LhRDQ3<AdM8z?<gdJ%Q?K_W)T&?6n|_CVi3YsKsa}}M7c%^
z#!>n<i5aqqa1{j8euKLd*>8kns^cSzdSkG;f>~fMtdrzGOTfEk?hjqAm#8FjSo4Z6
z)k-npy3v&wV>yWjXw;SylUe9h#6b`BBKnzHDLkUUU0bjG+yGuRJ+GUfoE~17r1UgB
zGihRHwS@u`>m$ft4@>kAV^=t_;UEx>EQMPlHZIhU`1a+yhoLdCFr+A_UMg54kOPrP
z3v_VcXr)r@It;y&DUpu)LtdA2IGh!KUoLbfsePVsG_YNzigh&&3<l&Swrh8E@;u6U
zimJlYGMEdsQsGsnIrYv2^qarEp6D5P>X{HwQoA6*HTCs}5zLUfG&IrgkC3ouPHp9{
zg)0)pp-evnFTW(UOwJQ&MqE#b)>*}2EGDe7Q`_C!fZr|ZaROJ`tsT_1_x5%U*6#tG
zrY4^%th`3`gEo)2t*`w%8t*oUZ=v7OLrfzn`^%*nZ)BW?=5OeoOX+<apyIq%L`9+R
zF6JHh)l0~D`oDi)1~xfEm{dO|HL3hnixIDgc-|;4Ts;)wt|%LW<uQ|uV3HHUBt&eg
zn|CkI(g(6Ml}9=>LrQg0MDL%ch{hNYI+3;)5RWjGs%Qn>5c_t^4Q99>d#GMtvt+L(
zsw;ci4C1_YJI0}#OO5jMZEmuOUaV%m;-1^&EBc!J%WRF}DK(#Z9pUum3e6H62O*89
zMLDj`3TWYsEB9G_k`T@s8pqeDD6{)#J>q}Acq^gepD~CRB#F&$-=3Ed{`A=7$dbeK
z?6I=4!Xyx{rM-#QpEV0JOSzpgaq47IQ)2QaEd^};h9U|PA9Kbdyjar>%)<r(tF`S?
zf=d<J;5~Zh(+Iswr0coWn#ByF@864_^K0jFwXZ`6mC^6W=XBkVP$RWsKQLA$x4k0R
z^;XB2DqcIbbgkEoDb?o1u}I0&74e8SCSh-_n0lq+OGMTsQ*14-h({yGpDKg1P9k%Y
z?omczGo9{Kn#-o}^}y#NA4Op=M#COIA5hzmy^j3I*0nP0q{aj*cJKIhm!YEL&#~*+
zxraQ*!%eOqJgSFL2%(>g-@c(c>iDRLUJC|&hhRu~yDtZT6e9QGZJ~Fw*+`9s0ZO@8
zJOd=RNQ~<T02NoLc|P1^x38r}`CYtxc$3|P!}~Zm1}T0-!sZKHfY_N=cySteZZF+d
zT}+`URThFOE$GsZ@Z+g7ow?3*7Qued&IsAN?fF4xa9$m5W{kqCmg7@0Tn}}iZzD35
zNV;IGrjP=dRpk2ROp~Z<2K-O1>QowloE|c*%pUYG5PCKl$qLMMbq)C0usEwg)+O68
zfP`iyjOQR2DKlQ0#cV`;V+K}Y<?CIvjz?NuqYP_}P%7IB3}RIlWV9-0*C^Fz3Y1hU
zzk=H;zeXWkW^=1-uw_CG|C##aPh;2CZbsvlNY9i`aqzlz5ZPl^=1(S-d44ry+gB|}
z3g8QiA$*~K#ggQ{hdJ<bP=Aq7D%+o(=Ja?LWIU89B(j@-rJ?y@O_rIJBb!?<`##P~
z4YL9%TV)kUCOOOsgjD%zb7_p9Kg~e+<@2^^G*CI-b60moj9gC9y658C=L~;+^<)ep
z)~TjE3Pj3F-Xz)~;g_9*UDmZTV>gRlqOrteL{Z9HPkvBQ@sx6q_mq+ie*a#|xh##8
zDFzNn#5}%di)o3>l%O~FWVwaj%&}`4APblpvjka*+qZAfaCKwo?syFjbfw11@zA=@
z=1T-FCrDO?)Me##@CY^H0Tom4lKp3}%C22DoJOi*<*$h0IZ30Nm4LkwU$e7}vSPBS
z6#j0ZH<?~jZPy~CddrDL2O*R>6nH|;F#AB3tGyKSnu1jaG|$#A=T(1?vItfFDx(_G
z(3v_u&fF{_DrGhZAB1xCSsa2M0!N6S0+Bk)j5{EmcZ>;NnFKw70*RH9H<`uINLwz!
zq4o&Pj|1rV2%>~JQ6})Bm@yr-T=elypx|+aT)5WKISCh`6G5u{8IIns4#k-~x1`x|
zf8ir#Bzo=Qit%Njq|QUK(Mjf5@-<rNW_2kNlw@mE6zQB+8)t|9@~M9F1E;$3SGZ4T
z_|kdR7_TC{dT^g59*UYK(e&~T{qvMKr)?sXfmS~<3D134OZr4OAhVhxd?BUA{K4!|
z*S_LkK><gCHVu{_mVE`WgMRXfT^a@1l}{Egb)^sT3f)WsqVi^rjsZkeSQHT!X+`}q
zK`S&^D-zf2BZX+PpE3Z%In1uh%3x*lJYpuMF5A%y_@JVwS2Ur&G<|X<($ly02t6}&
z0Vqp?cyloJQ!Sz7ACiQBND}@bN%)5(;UAKO|5=g*{#uj<FFED^5FGqNaPSJj!OzJJ
z{+Qq(i`1*d2CtJFyiRcN>m&z%f1-o`64}8Y7asf_Ne_NZeDI6p2YCX7KOjN)BO-)9
zC_~5@$!nzuKPE=V?+4yMuM-BWC(fx_uag?AMd<l2&;Fg6H&bYkSzqHtD&+{Nr|c{3
z5-b)@bmaRm_QqYtVy#YBYU-pw+#@Phsk&8Vz_+&R5I^b;jzj7JFu1CItm7c0kIOdo
z0vzG7<2rEk`1Shjo8k~5{LwnYf%Q9C8Q%!@r?9ef%=ZMC`m}-|q<sCMkMuV&atwbF
zd+1Dk9L1r!XJ6c9CE#)12;jv+W*Zp4#y*631^ahM-z`&-C;hA&gB*Ly_8h<CVMjkc
zz?xMjxRdVXSrqu6F=yX$8A>n`Eu&{m<7D_TGa0e6kB3mGd`*x}ZpgNTGh=}X>us6$
z%JKQFWI?VPChd8vFBsGbnEjMly*6~0UiYY)6opbQriyA%RLtE-$pcC>D}Dc7QdYv6
zLFX&FeqM}h4C!nbd8ULf3^hfZc~_+zwWFqp2KV~2PljBs+YICeTgMF7R>(gMF<E7a
zSKwqAV!18TOmIwcEZSF&5kig)P1p?AcXnCqp?4WG9ubvZ61-G?iuIGa65?E+=9S#>
zD{V71^yw6l`d6!mQ)W7Fy(yyN|MRApA|E*yq009sq3aX@&m4P|?NPr<#D`{9*Ya9v
z7XJ~CuCq@6L$^Qta@4)*v`1gs7yW*xJ?dWciv^Tr#a<;vF}A~xN>EU))FBJ-?^c46
z&uXk0QF`{Tug+gP-zn)~`s}?ZJACy#|NTl2^CL<<BR+g?RgzCKmCfoIUx^!#-Wq15
z2v1W-e`N(-XHI;=*dU~1J@KiJ3G+s*7EqmJc5+~pRXs&-^#CW>apRDTW+7oS>e?>>
z%GTF_Ak!drkBEzxLy<f0C0IF465$UC9T2I#22iSUBFBm$wCSsdmaU%%VuWn)mB^%P
z=aXqOGf^>Lo2qMQ7P_>ChZY-YHT6&yO&!;@EK=2#tss{8<R&G0vAsxUXN)lC4qIuY
z^Yg1z2ze-UGL-<C{He@K<Fp=gmE$jG?3w&duYmDm<JZkzngNN(56r>3zGJ_|u9;y&
ztv)=<Lp%o!!qKL{!Ix*@nMt}<C}NV!NL81S_(dLs6=}OJR7|2|PV>YzIb3R9Ey=DX
zd}1!JALJMFVPyHn#9#5v4>Fi*;J=p9%y0f@Fr2UBVDj;K9VhedrN;0744&rAYj~PB
z2~U%(u))<xCgIKVj15}hZ1NiX7;9tjG5OQChM#$^at>dUU;XF!n^(a4F+S%t0DqL<
zc@4}T;(J~L@b&!9YoPrAAM_e<Kg$p0!~P|F(R%PnrU^K6FH|xZDH-KaAYvZr^}LrE
z81gwT>{nwe*p?qfIMwPU_Uo6SZ1QWb#yF?ZT7>_EY0mJ6KaTdAsg~!0hU+lU>|VBu
z=lQ^wpsi(6R^a9vT0W1k;3)GTKgVmn2=IBNQ=p$`SMz%^*w(c@y~x_;gEm;)wV+qo
zU{iwvQ=T=h05&Zv0)^lj9a#oQ8vLBWU4wWXgume`Q%%hFc`Tq71kZ6;_Kmm@tGpak
z5t89IYjk0+K`Ccoke}Z8yaqi(R*gg&4wWTDS4qCD*8E_?(x1$FG!QGER8wD!<%XN=
zC7HNOdLqhm&O6B{mDPO~Vc#Nc95hkA*4S(8Z|^qt)<v>{NE13MngC&Z%jq$%#dCU0
zLm-w;$0G4f7o=qQ`C_#^C@BPF;_Kp1nGLOWn&(!Ieos8n*Q#86Y7>>fMPO!r(a|GZ
zY6-=o?N|{iPMnZMMX;w^ISbEfW>&jPxO3>E44~y0<vq2vdi6*(&Tq*{HBRY@hFf5-
zuztmU=4f6sJS9C9i9jfZRtKYNiG~5Suap&E&fYMKr80O%7gu=k343l%eWO%X&m=_W
z`)5VBn3FfEuSMUS5oIo(leCHQdSmXa9dqtBl367Mk}AdI8X76GwytcA6bOV$vY&V4
zLA5DI%YdMwh`alL+56Y+wvB926#mbrs7-sdt$Zd#@G7ZyvbG{Ci4tG5B{^9=yfVZh
zP$Xf20D=N3tL^;#9^gFUd6F|~)*Uy3l;U)HiDPufBCBT2y3LyR`5GsX$yS&<U*m+=
z%ryMdWP;ivh*MGAl0%TCF1G<7^<lgZhXd8I0x$PlBX~c=6e?zNKnwBL769JNDDNB1
z=oa11e?H;elCsjHjX;Q8UI2wZGUem*D{b}t{r96%PnK$GB2SNc!wf$}K#kFbHUr+?
zvkfPbWJvBhpCv<#0er4SQnXRn=A4c8n*w~Q+)HdesmN7<;^t>##<?%8R2F6)=u!}3
zzh3gX#d7BXgs;BSAk7_b0@u1zTpcIA`K1c$t%oSNbpWjH=It_&bsYhUypj(#7kOa;
zKs2Kd2H4uz(raBmlsdOfMw2(ViZQNb21<{3!z=y8F7&SV_YN;ZBZ#Pl&>g(-pF0XH
z=!>&7Sk`piD<*fcFk)?AlXOmWs-D8m71~HHd_mG6`$q!^RZUAAw~7u%+E1yo=J|s+
zXQ<32kna>8hUR_LFbhnDGP-R9wzX}2JaCRQ2?Oxtf`7aUXolKl4Run{wk*RU`npDH
zM}2IzOlDi@t)(3hfB(HjRbH(+Cq76UW*$~mazf#tzxpgQ6X}!JD>?JIe`*gkk$*Rz
zK09CeHjB}U)_A7beC(U5^tN_0M^rD>Ypn#?`qZLT@T895Q$9ndX$BGhXg2~<nPaoz
zy3OKLrQpPKSq6NIr8Go>jqAx{2Wl2|V-j&|k%d2Y)oLFrZ^8R6c?qOV>n>6)XLv5s
zJjba~)S7Dnic4Imxsl=dro^YJA&BZ0U8q`Dkx=<KNn{fCjd1sBn-udT=TX>h$Od_l
zjr0A()zvvv{()77g7MgcYOJc@j#28oZqXN6mhg&qJ62(m)85!ej#RyJB_J}K&Pir>
zYfS7xw7no<jD4k)ZC5)S8@|Y%<s49OO19fT4J)Hf&vF4~ypfmlHE7vJ+f)Y)SZ3qE
zCmv4aM2=Tk%qNqtPV@Wk`}YEqw+rtGNZX8+5)aBI3pMI)P&E`w^|(DWwFjlalC&6b
zsS*r6;8=~4rfxqTiPqnx@lvV%*&mFdLC-mpyz4v!s6F0w4}C^8*pp~&7r;J$`||qD
z@$1u;VIAO@NiGm70bG!o>0$!kF<J2lElGxboMCu}EYPoxzde1`vaAl9{Dk>+H{t~N
zY}*#x@7}(8d3sR<y#3P6;?M_cnmqtpkIVDplT&+)XFH8S2~NF*PX7M6hF3E^S@>r1
zij3;iF<H?jY3(2ivbHw4@EN>5z53zp%iI#ZI=j4T7i8`oW)u>VTm@R1tsV99)#>TE
zy}t0(_0`$y(}&nZ6P-eIQ2p8opoQhTIQ_rZ?=FgGw~(lN2W-6s0aTCn_d#dBh-r58
z$&8;VefU)fjd~TExFmIc|9wA&fjgzO>GuDV30ob}B#UoI^!3x{k|yl63#(GP#piG3
z!7`g(oL*i0L&hyU#73v&w+oV`cS5UQjBnpzH*SLDDx^P?G??9$or24s&d#r|UR_@Q
ze0p*A-9K{E$Val5>r`6zLXkx45}h$O`JQED2`b~ApmuViKDT2(k4QO<*@K_BxY6e4
zfNQH*U+WEf4$->?j(f)AR7mo>S$mLQP36J?&*#n$r*<>RKbc$u|C-5I)P63hCoWQl
zw-GZ~vZnk!yw5|F%TXW)m5<>f-f}?E@rSs?oM81as|nK8lmSMDU)!{Nq}pEQmYLi6
zXO~F(xBe9C|B2JeZg7W3<?@24yN^*{|F7%1y>YJo-*_<YKGy&H5}!J4bCAhG7a)w|
zBoHc(BeZr~H$mhdA!T=NNw)r|W#rV^7~*FhGdps&Ni>@D84)zMjg!RCtUE!x4?}TI
zyc}8^Ig({A>Au7fo)f<_y=&+EQZ9x5QSuZeoux-lzN;0QP|{C%wzR7=92aut@TD)a
zGMP4}iv1O)k08?)Bxjz+@%j#IGlsDUOhpxj7vrCQ_OX8aH2hT2|9g^r>r+qvUAH^x
z<?Fw82ks;N{}LY%4o$AFoLHDG{;<d3k^bMC{zKA~@a|e%V!BYabxJbSA$8^#9`h3X
zle~>Q#r+2}^d5C)6%~YRabaJ9;3@-#WJogNqhJ4yvIU6*qffj=Y$`3#Ev6_*$vTKv
zG`vF^6aNKD$&42&%whyp*X3_gj3yt040T&v$=J#X)qE(CehpocY?Yv2f`8)F=iQ&6
z^OUUFV`l!wD~@yPa6n~QCJpeZ43+!&^y2dD?Hlw>v-MGB@3~Rld6&#n>=QnyLo=L_
zhacpO|My)MgieTQcKVTc;_B9%2AR@}80G5qf~I5{uL;6oC`-@tG`w_yQ{oG0SgvrR
z#yo^zi8^V+vnD|8e^ujjQm7E7W_4nvgRu__2?^NT7{dSc`jzmdgxc7&t?+D!rnrb7
zm*KWOzY;V2N_CzEk>98<>MZd`pCs7=xu^p^Ni)<5KoRroD@(5j(4V0W`A9s8-S6nX
z|K4m>bKWKPI>xtA7-L^<x;zfzJfdYl;a-cM;a4v~`)i!aGc3rM+-oQMm^GUJ-y5H%
z3o^3~lM}|?4fGaXIq3Nw`Xpxb^#8QcXM}HWQ0F@bJ^LhFU7ol9!~c(NU;XdDqxK8*
z)P3=^_u^^)#nZvw-_h^S{*G*VT0z$ZTEAehF`!@3-~PthN2vYuxs3hotd)L;<K6MX
zV6TmO-|YKjy&tW@P<DL!Tu$TZ^I{*=k-kTJd#J-?2GzXXb6m%5@8u|W6^v<23F>ri
zaoTWV9SMTnsttW|H=dmW1^~F#s`DTY<|}BUkLSjd%sX5r#Dkn*x~CejL*<Y9hVb)7
zLMoMQ`zxAqW&Qp%i1r2Wj+_Bqpb4k(&pq7iNSm|YoBUlqcjj}N+$s8+#pR^<q^=RP
zxg!)s=rg;ConX7WV_#kQ_1{}%#!xdwYD4w26{ls)xx7fIL9LfJevqP0(vV<d>Iu3-
zo70i9-l9<Pr$WG2;aQT2`uIar*{r1aD3Hv~x|C{u1v1?Bc-MM(>cyW0Q9u`vMb6~<
z3b7CyS<Eb6d5ilom=Au&o}jl;c!#j>%jaL#vgf)g2LF~IoRa8ShVUwjg-MLPXmPe6
z>1{x{Q%@56yncO3n5dbdRT4*tU~eHodkY-R$<apc#Xcr5Rmk(#5kGVc(cSW?Ezj7f
zOXE7|vof+2RXPpzNi_v>l}<@vW@(g~D3lN~2%rG54OjBXjJYv>u2hbdF*YD9+ub+2
ze(3Zk^+W1V(~?p5ze4^h2?LMGuY4ttw;<k)UGt=BhGp3(%BN@=zn|NlzUCA@BZwQ@
zE40b4j%b#5CSDRs@f@@bz(k?;`}0@tzCU||PTs!x?$z1J)vu^_ZB#wsXEtK(XYI{{
zsc+h7y2?=XqTnzk*uS$!v!~d8=4>~js?kzCEO%TjPEG85aljc4LOn*Ks2hQ)wWrlb
z`BAm|Z~7_fe|?gqgr~uMASLhy{qJBr?&kErBe&ao)c<~oPyQ8UZ^}!30tBtdwOV3o
z)P05*9w<<I!he|{KW1`7jKVmYlN6DU0nHqA#*^Pq35ifjBD^F%)VI=<aMCtLG`wLp
zc#U7-c^Nh(&8kp42h}W)-9k4fWBnM7CfMH^L5M5P<r%HRw9tO{)hy;X-F|%m9SHqv
zh`Mb1P-rW7yP^J*Qmt!`$_BG2>9*~Ja!H<d#Q$Y=4X%xosOr1hOscAZZ9lOUC6`vD
zRpm5{miIYN{xXPoNcN7q@MB4yyXtk<t#?~#ofz+a=;jkTZ^W2)xEIm_#BO*OD#UF>
z-0ra(=2aEycASJ=q;BI3jOO=6-vo8PcS=|{uXs3f<LAog_E6;C1bM$Xy^68_Ee>(y
zk@W0*n`zlSA8KYfs1LGX$N41xTkV_C`+>L5gxqYRBG*eZs!-W@w;Sc{LIy-?B^}jd
z>r+abIj8xOYSy$$+ip9h$O0mCoRfCB-)#ewkCo>~Bdm4v`ys9!PB!5#@UYSNN|xDz
zf>q{NFHpjHf38o1%3QIxT9Sw#*s|R(+5U8jJ*mejJEG?A+pYxk<<Z6yD1WA%643Nc
zhM4@XX6F=u6{E;2aV|F97X6a2?}m4(1c40{uD-`TF~?g|F+eAcL&A+^<>-pvtB||+
z_V@&`HWcBMpeVlOsa<fk+u^Oj@~6N~+EYN2HTW06^V=ZugJ`}HU8CKfhjqb5!nL>s
zBC7D;&_SJ4si`v%UC}zd@~$cjpCn;?$EIx+)hy*J@@?<INPt7sY!zM-3F{u17wN_Z
z^dE*9GUl*74`je${|Tb`yTsSBf9V9QhBb%>=GQ3+$r?x53q*s+BM75QjW=tm3X8Ej
zAk%E<QMaB>rWAIilK_QV4r|(Iy_Lf5*)BNo%oFv9L7V$x$AN5(qM^vB!_w4u?1m^n
z5G=>8iW7igBp<Ful{LB-qAN<$E!c{D|8q>~ZJhcW5tR+^g=`{$Y%lRi*9Gt}sKeH7
zxg)v?h&I1o@~?C<<gKK+4Yyu3+I4yD3Qi4Cn_}-qrJ63qi?=92s@VVw5-u}BGiQo3
zTDk^>7TYX<-MM!5C05*`{cjO3Nheu*4;KNlA^xv7>JIbqAANWDX#e{XAH!Gbx$<&o
zoAJYK^xV$#YX<R({Iq*2tUH*2fLhj8O03UK$1JM>JLy3*hkT4YRUD5iIWJ4tm=8hG
zAt$-}XAV(cOjE~(Z|Ym=vh)`UcgYJ^B=Sl60|}RQ<@`1yFb-YpdkdV(kdz{DKn$Rl
zrquXL$JW#ws8Fp{{oxVqD$fl~h*x`Z+0nj)>;rsB_1~M$t<kgQ*kULt^E&p4N?>3t
zk97}JOFR95kz@fu84q48LuLV@x=30nSQ`A(0$8&a0@O)}DK(ltC%>U~r@gU@a7Q!0
z;`IaCZJoias!0|0HcIUcX(9h*T&jxiKX)m8$SBYa?|*+hDEj~OMvw3Rm-u`#Q|37(
z_ikIy>HB*O3j{>@_Ex9Ud7x<1Lj7`{c19(Y6qzsngSG+pJ@gdqZTn2id}NKE>YA4t
zU>VMu`5Y`;z1X}bPhM%%)G)u+8p)lX@Td29!=LW_h?luH7hiFqW8EQ}oJ!nOwhI*p
z`ZZ1pD#r?Da|dvh54pSs58`ycbwI)&eplP(>(u@iyr7SF^YLzOx|<Icv{RY_e>>K)
zg#Q!E3)-{}eE>z!CjM_U%Ikl|Zh!E||9y#1jb_|*<1zeHO6j|xC_5&Bf}tMOA%7Kh
zNUc4k-ubJ9*2>k%X)v~cSr@p(^(u`qKK+=HG{WIkif6OHGgDNPvY*T<^jpC!#tJ5J
zs&hxOKaMJ5Vhc|F+J!*pRo|hr)S}?Xx9aLN@XSQ*H?a?uup#Lu6scJz+1*AMvfJLC
z5hEChFB{E4LMZhK6Yzi#@%Jng-5@!*uIKlVmt)rpn%yO&(Uc3$xt~7qfX%IT%yd6(
z*E0K+UaMTIc)_H7akImUU(0lqTaQqqy)678>=0X@V{29R(DQAOJv-kkuEN<l?CDms
zmfp!#Q+&YpzlQ(2r5%|+zcWwcRnkcq=?ciU`9L@Df8EirZ}We>-l+d*|NA1Jyq*4*
z%6J>7z<e%uTx$3_mWpp<H+f>9pT#*Qp02BXa{wUr*Y1>LSo4&5h<D}urBShX8%2Q0
z9wf1^%DbWhOJe+LFdHLoA~3NO?>F3*GoO}#vYMayGzYKK=~Pxj`9t=<`u=M|)xjZ2
zvmlyx(p9+i?cZ$w@4DUm{qGMR<A1-%r^IG&yiiFRFG;o_D@_3ETgj6G2c=9SxQwG9
zi_;*QJ6@cUm;qYuD>?F9fx1|QJBpJvoQ#2KVvUrG4YkS0&VX!V;<nPQ_4+>wx_^qG
zi_jMKtde`cjs!hc?sN7E=gM^g<Xl33t<#e))m*$YwfuDDjZ`djzI5TAO@|&of6k}T
z`#;6r4T=0+eF8ST|L)iw<==mI{AmCGBA@EF(%y7Zt^h8lq;^+q1q||c{#)LHn*}Sl
z`b}_m;`$%;#{V*Ibd?)h=To<-Q>|IM$>7_1h&BSW(e1A>RMz1kU-3rtpRo^w?py|D
z1N|Qkx_SA}?T#MxKVRen{$K2FUxDdB66&L`je@s0!P6iNvVc(Mr`42*M$Y#^mal<Z
zfTXhBZO9|d4_MBRESMommTQup#LEPy1hv2U+I8H+PPbi#bY90K0?3)Hd2;|{Ywc>8
ztOEGp9>BTw>XTUnck^Q@=Waif#--*j<{58Rcq<>@y}$6gC-=VLi<fJ@!&|2g+wQMi
z8Hfi7hbVP{FBw?;S2<<#aq{18x^4w1IoESF0T7(ojp?98mL<}iJ;B+6Ds;KEv&>o~
z$Ak8Uk+Xxu!+x|2sWUTg$Wr)bx!vu;Q1l1v&ek^wMXTkMq*d!F2DeSHe0i?Gpn0}T
zLZU+EMQU{~ryI*n<;@Pr8;CT-b*mebShWiI1UH>A*{7h<7xNYlna?+0HaI={nvM2s
z72$@$`U1!zrdFyCC?tyn5>5I!6_;f5(9+g(5yzQIqE>pL9&g9L-tE}tu;h1o_cN18
zCL#;Po7C*Cuzq_mZrP*MdDMHFpGNYZ;B^z8O6j5Xf5TC}{#&ot??3AQzQ`wc4NH@S
zX(7bQsZ}N0RORhrV2YZ)GWNUE+(7dv0{taKpfW!T7+{GrZ}H05l83e4?K*SumT;7w
zpyM!%Z_zE8iZEGT4TPX~XNJF~!MxPDZ)zV+R319gzz5sJDu|}>DuOyC5%IV@2KCjT
zGZhH3Z;ot7&+_{kMBH2T7<xOHjbSDz>=gHqe@b>z?0|e@Hr#ZXdoj0<xvKek3eqb3
z;_2G3$JWj!iGBNOYIx}BjW)y<f6lp-Znubv2o(ocKW(+7J5Ij_kKGr6*g4orzObtw
z<(`<27KTA`a`y6~SzGeaBS~hS%pmzTjJ+Fkt-QeJ%y~+FTLmfcQCo}=Q2kvnLwE5C
z-3D~Qt~MNc<?t;o68k~iG4@ZH1nWfK*7jC&v{twN8Lpo<f+CpgyQ5aw5!o3i&j3(F
zG<OJ^9D^<BW2J|BweY|xhrz9MI-Ng{W2vBHkIc%yBeU`Zi6r|kNpvS!jt6@1zC^N!
zM)F_cPwx{1xXJ%>+{^oablq|HQU3c9pBi7u*nb(&bd@lc^4pa^Ct2P;_k|6IB`Uz4
z+t6Icbr%f`fWvJ8?qu{UTigu>!1H349m6dXfBN_s{Z$^LlGWO9j)ZlvqrFUP97U`9
z7osZ5qpX@9?mC0x_Bi4#!#|h!<GTp2aS$>Bw#}`ydm<6@vAqhT(V@B5z1oRKX!icc
zzVO@Mi4EBF{`d0vAA9bo`{@7kMLyNHcpk^|ketW<Yq9keE}%w42k(NDARpDCfCSOJ
z_25w*1x$q{OZ>TQY{xd>9wR*d+OMm6AV}mVaS&y~(*qP|YaBK|BVLLVawfXTwc&b>
zMV2M}&l;ZrRr4!2PsuF!2-WJh82VI9;LmuWcJ_*TG{XMbpGNP08m}_4y9Qum{KvQ;
z{|_Jif4|J9`c>tdUh(MjALE2XbP>!l;akgJ`wRBl1Ny1rBx&yL@<pG%lvBt$dbuEJ
zkU`qp+ILWq$9o#YH*IG_M^mfu4sNEr|2>>civS+b#nf<SsvKIo`)Q{yGrNv>(=&NU
zg9sw~$*DglS0r5q5#TMe1YHn6NQswmIQsV^MEp5nfMO2EPN#*oc2&D2!F-V&A-CIY
zA#@vrzK2s^qVXn<i2d+3qW_e5apdFlZnsE~4fKD|@8<n~`rYAU{QnpERNrB>=@r2l
zUsCz|)bM;{qZD!@nm3`7>jXB$@`!D-MdyD~&`Du)AEQtHT}9k_1#;maY@<D{>b$$^
zxOgsi*BjTus#6+oV@pwkYz$v1pmV=Cmd)Tc2DE?&ehnv77$P4)fGh|8oC|-M3rZbu
z9^#O5K+zhLd}a*!G2#U76()eHLIo@y%zB6l{mUZ+kR2uPv?3+|HH!-<2@60ap#k-X
z=A!}fII&?$J-zDd1LU`~=)vFovSyW%$D;@T1AZFv|8P2XwE=D5|NHK^kpFM+=>PF$
zK3nJis<!@=<@36<OeYU-`Y{l^pV6lopht7hzXvb8eL^q$P&`ORuU&0VCRSg}>Qori
zwm0#4-3HlWL+6yh`3j;rHMFSmD>Fht@(N~#%u;Eh@z_g}rGa-*#GvrQPI!EXr*Im!
zF8){IWC~PA^62IFG?&V>{b==j{A~Ye#{Y?8;FM&$SOM$#zrnCOF8Ke9$B+8oFY=MR
zgQc!LK0gx-9(8`e6fQsAU%Tx*_b0x$_@a{E4Hc!SR5WVL@5mTFDk1+p8850&#yuFU
zT1BHCp=l|o=1^?CMX5vT4yhbcl7xYW=@D{weCxk>7;W|XuM!_;<T6WfM&_cziv8V&
zrOyGVS#qQn_egSkiqx=Am<zDHCsDZfUA-Tp_Rt%@oxoHUU)$i$=I<^06p93~kGCM+
z4P7nwW%0L9pOi6>*YQM8ohz|L&bOG7bDS+ud*8@i+vdqZ=mPhKBf47Vk*LZ_5@be^
z(h7t+tXYThcH3fSb#8=eeN3{wF*!1~IiE_dkGf$8dv;K04iQP=>Jg&eg7~YDq_%?E
z`nu9CQQo&I_P7K>6#Gi*((TP}H&7o7fL@uMkjdhZq~`m>KE{_DP%*pT6B9g}u_Jh=
z+sbb?)$frVw?TkYfU+5B|CsMn?2&Vl2C;t$76NmL>Y7z%UuXt<i$zP)AWnnqE@#JM
zpTbYoDxFFgTVO&LI3?$4>=6#c(0{_+D*O2eW$B6($Eta`DLID~gE}TBag>pdh9QgE
zKNz*w7}I}7QG1D#b_Ko3K{ee#Bz~KTRuvGfzX1x?(R_koQTz01|0{I0ASfj?L-7n{
zi-598u@i&nB3^|)ni62fut$8Zcghw7F(e>Qfb8VO%Ox8vjtDeJSJ5$jM@jku%_!7=
zc>#L&+=`i!7-GT%0<i(DVXkO_*91)oiBL+G@tXMhaa03<`&U<eFGkCK3$5S8(M23*
z#wqw}-yrP<#801;Z%?<>ZB91Ld168puDbT+MYaUadxdk)i_86np0n4q9&UHfe5TYY
zlwU#dGs@4txI)|A$(qeI*$CtNd=`gVqiH2@ecIh_B{eB{Wfa5B<*nvb7d<ataTc*k
ziY>O}0!*E6D)<#B*CxZeK!0zozaLTQ(RdQBXhzcSf|O>z1li&T-laH$`q7WW08?{I
zj4y46hU(og;TW{0hLp26lkFW2B9hWN=Mis3vv_%CwQt77mG!i;;~nHSyw1QM_{760
zd^Zc`$Ez&9AYqLCLgMB^?PBP_8!J3yQSYa!^nMBrfDdk?HvDHVzm|ppMea*SX6Aq%
z#`Ou7+V#4GrDwl7DVYZ}OBvI%U*9f?X^_Rx^2nNHp>2le!V|H8&G{+}<>9TxD^U%R
z4W{Ol$d#>poy%V64ad3?s6k<R_6Q}S3Anf~apWJN_oz)5?H8!Mzs9LlH(&D;u#b}@
zyt|gk?iX$JtL3^<FQ2KCbsDX|OXH=D0O4N(EBkz7F3BRaJ>=}^Ym=XI#jLkMxq$9Y
zsP2TOs>N5IfY})7LiRwLvsRaO%c1xwmlwA>G@uqjeq!r5TrJ6K_7;`o&@$$kkd#8w
zA&)pqXkLy<NxSXOL<d3F^UapoAL26qEl%#FrDhQ?Nv=W7<mhU8p37y-KjH@qp++5>
zOtR#z*UqV=N!`Ju84knqa5WF2lC)-3{o*xAZ_^+nq9?oMXN>snzF!w)#vYP{11z0l
z*>77f;pPE4evsAx%a%!L=WLmD_@&u`xEbl)DpY3GbYT|EU*qK7H)NlIbLMFrukRec
zbZVx0ZHviO_(m<VETKP<yUQ$2Wt<$ZeZ8@<A5hl%l6Wb}fHv)wjr|mQ{rJ=6%OHiD
zcl0&r6ryZ~+W$dIg=l-AeA4o=l`V|2iQ2H{of~pT*%0;X=o!qd9^ZoZ$gTZLa%=TO
zGYx!loX&Hk7N>K1gx(j9gfJc$9V^TS)u7p@E!963B=CKCvH3dxnxC-<$7y=A3#+5<
z&38daO0MUA^BcOc)hq~0Jh{bsqjm=_<$0WDUw`_v5twYt)=l=M)tz<JBXoEsI!JI|
zn<PXn#qYmA)39aJb4=-Nocdoseg5O=o1f0!Twechb#;Du{nP0`F0bBRoL-+FUta$5
z_TuGUyL`WPo4z%J0^H^&KMZEXyYupgL4CbJNv^wBGK`HBu!aizHKCMIsRG$9Z__|2
zo`bk6LXr~Jqa+AxW26++twk+wOUbYag}skh2*Ta=s0)!~D;)19ww7~tSoyzl9;TGP
zBOe2r1<{;0sRwgvwJimQ{bdk2UP^E#IHw|K!#Rt~)02zStIOQ;0s8YJw4bh`eaeT~
z*9bJ@#yR}+w=b{X9KSv-8{j)5&$j-|0uuTcWL6d$1i$gyDLoUwrJ!`^ACG@NzJ7aN
zHMws(g#mb2)Q-wL)OqP)>N#95=Vb8>iN1dNTrR*KQh`E-d7xeT?0vv%{5EGiw`L|@
zgol}2iC=T4lfXZ}ZtMxIXNNkSTQW`KIQ!ZbWU;p(`?okno9EBFuqD{A0++9je?GlF
z{{HmM)%E$?i>vb0sNhD+vL_c)r|-)56p^iXz{^J5Q8X$tf;AV7U+kaAUBzWnu7yoj
zKnj?^+}u#fzHr<GJ67>{?FOhZPnrXGZ;Z+@;s4wi0?P%$4>uH{V%(tq+>mM+YK!Ii
ziR2}$D*n*8EKNpD#4uaDkJ4gNc0o>#FHf%JEjfAn=DV}+x52HNI?v+JCn@@@=*@FO
z=3vxXsMlz_)Uc}cRC{|sx2veZk0+R(h~eL*;L`Qt(<k&H4kFZkQA*=Vx|FV-l?~pa
z5j#^Q#qr3P)-A-KMrWzn5T>Zn<P=GYq=I#7hHFahO9z04olvx_*A`d7{~@MX`4|iF
zOCvO^!EDXee^`DjgVb>GDtar0*Yac478+U&##euQfu1JSSw_gmEX8c366U9fC_r+O
z8pKp1SpmH$rB&%H2@bQxc^XeiDUY4NFQ)5sSv>uy(``3P@M3GSGMr|s1V(RC&y6GF
znB7b{W)C?<Pha^7gEff=rP~f>^(z}qeo}({V3!f>j>RE1o9A}1jcHJ}LF^ARf<3C#
z{~(om`G^m0KxD`CZ4}-ep&1V8{{-`*IcLMysC2@OZI8Pe4)?b)?A7nq|6t4At}aaW
zbT|ss6NjeEI*K;W`AaeM|K_?qd4YunuX-1n==nBY`5Gmlq9oW`)EtJQy6Ap3`9I$~
zuZ`Mbq*~v+CWsnGjen(G6dU<AHUVVEt>j!C`6BbBt>=bBn;M_XveuOayBoNrRy{2D
za%bsO_@F@j`j<g^gg(^<9+cr;!OZRUhIHyEev-x?h?ki@?+7W**t}Jqgj^`s-8i#b
z#hcRvcJt|Oute{&NTulgF{l;d;qHOhF8fh9kp<#xvw8Q!VCNg#sb=4r-n+ldYrW~6
zZhD1lR8oZ*TQ77+*Z_9F_<Dd6E@MlVf$DWF0LX{fu1JMCsUghG3z39kAg)MyS`@v4
zj4Wx<j?&@Ed>h6MxqDLq2ANri%7*PU0#&*8TWv@^r@3*}Dq-d>nZeH2Wh*YQ><t#Z
z5``5d=}+X&7+Vh6fd(Dcpk22=5Nc*LE*PR4Vj_(xwb;l;jWLoPS~Z(rz4f^by7#tM
z!`sX{)k_f-uY!zz6FOt6*K-lG!}Q#as4ZbgO$jlNf}sSe;e$)0Wc73QGmLT);=nS^
zdhClr_^Sm~EG2Z^;p&tbZEBv@&gPA&6!%NOcB);ct=5g$=08dYTG;M#on!GDP-Pq5
z)o}hVZJsVr+gj?@08MV7w&+M*2EI*>p3Nfjl(Vw6R02fqN23mRtyoYF(!4`|cJivn
z&%Hm*^1rRUKd}Dupyv+q^`Cm~WB%VS@-efu<+JvdCS`lf$@cG-ldURo0bu*8S-~i~
zbv_waL&tWRI^Z7p*oqJ;>qf~uMH}%s{g^R9D7;GXY!-N?Z#yabslqj=4qDNXL16V9
z(r1w0YS6p7O9*O<JP2p!?LE#dJ_pvb^d!ipdr}-w-&CNkelOx_xN>zw;^Dg4Tb@w`
z*C(^URz*;NYEjUSHD0PWu@87`Ua3g5+%x4S`DMjK<<Dgd+<o1K^a_`H2~~IpS*yf<
zDqF_f;#W5;3R|UJlVYc0@rHaJ!-u48yV2JS%5T)2VRnkdMF?i7!GU`fWB*$mvVqff
zEd>mXmY1Luy<o>h9Du4{H^m)Q0j(*i2UFVsOOONmtBR#7>G$cA&eF;M^=I=!{}Vq&
z{y&}KdvW{4Pd)$d_FOkt|IZx^yN~?;7x~y49oT!W97nsB-fKNUSBrq6G!6+0C|XhC
zqbx=^4C7n$Bkv^>JqFPn#WU`mOwl^P=qE+6g}uzN3(qnP@hV%yY4A^A@r*Kivi@vX
zF1qB4B6VaU$qpaCf#?Da9|f3y4FN_JGV36m1dzOq9-;Sbi15`8v*>+0iGA9Bf#ARU
z<RkIaA7MO)e=7|(SKord8oH1*I~V|RP0}fVo0E+F6b2Ojdy6w~(f)N;G|Gpz2ILo#
zwf0F!%zt@oX&^NrzyeHOpf=Bq-2S!I>U28nLjFR~G>CkjhLGLMEQWup+bDJx^Q>(S
z&w$7pvTp2>1{85Ld=x~`S6zbE6Lh;EDNk}JZZb{@qN^l{#pO>|yWQh&`S6d|`G3N7
zjzc2C_T){fIVUYyD;dcB7N>%)rXPrx0pYOJT_R;+eF1{f^oBcWz4+bC9}hO&lwjX5
z>5KO?peQ25XBTjW?&1}?#ZkuY)`}7kqUq7TRNi`lGY_)GYRWc4Z%xNb31j#J9MVpb
z#_PZ*X@@_v`>iJkQxs${3PlM?mjQ(u5Nwb+$@YQL?SoUGK=0w6=8a|?wkU=_#-on$
zuW_ekt<kdAG50=-%@sf8pW9pcxWT(CpSC~xNqIbVf5}t#FfYk=G)ccJU_&l{S+;*$
z<c93@ycqu2_w*Zo0xY3us-qUs?IQ3N>}^U3P2z|K(~zK9oFeWl&R9ndcExklBX0r9
zr`D75cLuIGQtqf<@`dp*^@NZ6<5mC5T=j-BAU}jloRkZ5f6nUyqjofEkH_vWbL_s*
z3uDrxKR|HV&0cRmE05(I|H_}D{-5(Rh8O(3jR70{f82gIum2yrqyD4*|4V$fiL>bZ
z{yV&j6+T0((T=QFX~@OnQ}~y73c11jZGwMWkrv;2?dQ-ueuoVwJQld~2M>YyjHaUj
zi9A$HbMpA^JOHLZS--%ilKyi;#Df@uH_`u*JI>MnQNKTUr2k*yQ|JB0&H+SZQ02Ds
zGzDiRK~VJ9Yr}_0f6EJ39er(NSm{8Ll@s;@Cr9GnGGmbHtEhXa(b=N?on1}UpFUNS
zDQo)T;WJ-4_{Dw-@hZ$je4~&H8%cqR^69u2o@M4U3gcT@P|JP|jpf<$<;#t3y>?I6
z+dXt*gYWUGJxzCb&z`1RzhqC>^^cfz29@4l$YK97L)Z8NCqmV9Ku2OEN@n*cB@wyh
zjo_cWmHM{)3Df`l;`hIj{;RN=`#%Aj>Hi?l|92n#|G&&<mtZuALcC89*WNt>+B&%s
z^A96{sMG!^cl?Fr4y2+RKitsHEC|UF`rO(gl288qEv95NIE}p6Cw?KEK^+zqki2Dv
z*$ScN&$$0p^#36}KsV9<L4p1cyCe6J{(p&&LI100a#?zV@}jN9<O-Z#KRm&HB-8&E
zWZF*aP_dCZO@!FTVor<AX)%O=CFt&FQGEQ*r@w#pr;Pr?0qO`}Q0_K&ujgPB{U47<
zdH#Pq9zN3lFY&Sc|7|1TG3>k!2dIk`mNv*zYF<#pl#H{LMY7y)H%FAqCWAM|mX>7p
z+W^R_rd$lAdVF>Mgjc7*QGoDDJG{B!-Wxq@_r3uV6-hSAGIo??>(~OK9e=4`yp8n#
z0R(}K^uO25>;Ffi(Ifr;5}!Ky{{=|@z5GyW@7F_+`bR4N7pC$%5%`Cp?GH-Ux25RY
zeTwuyBQ(=lfY@L6eF8Sn|K7Npr~l*r@X`P0i+rl>zij7EwF7wR3veF$C1k(s;&)a7
zoTU!8x%$UpvcPXvOEfghob8>|Iu>2GDB~iIZ`wx)#-%IIBa}8s`x3=IxfEF`#KUBK
zvmx1n)j6*?F3a#zw(@aEQuF09zSuCl*|m0bk@VTB&Miq%8y0Mq;w8C_)0?)LM$V?r
zY@vZdOmRl*D|DAPwTpDuHqP+eDE#Kd%O#F{v#fY~is_<le$nydpHM5<`02BepYI9s
z;^Ypop&%|cjzfy<8XJ^ks6)(hP+o#M7id3DvVG{d58dG3vUZ1EX-AH1<@;xS6i|^w
zQheuCY);MHs@|u3TE8z;MqO?adfztJXBtHC4=6tk?)T!+Nmr3W7pg>ag9T*W@(XBv
zS6bkq`7Wr^07jNi1;3C^yt%zm0_o(&E94hV3Dm!mnWf&4HAx>*XIb_B0}0?0{G<JU
zyW@WU(f{{P`rPmRS8-Z9n%(6!_=6sOWpChw<p_P|C4~PE`w_LT2w1dK7KC?aD4+-f
zpAbw#(ng;oAzP&(>U2`VNao-`{<Gtg5Z@uU+hnpw6?K7hVzfqOl#6AG_rrJ|M1bk`
z<_vlNPkuOl^Zn_ox8FNU|Dn%V?fvg{-O(`5|M!Ny@#Fpf5}zmN1OhU{c;0G3o`G2q
z66D9;YRNNsgdt*AZ5k38yP3}(@&gH%h`VvNAaRKB4vkjJDM{H4TTw#MdrFo#$^s9q
zIUxz6`LE9xS(Y5_@AEp7PMps7oL1`{<=I4LaTvz83_=)0H!yHYW+Ww%M^HfNiqIG6
z{DQs!12$tff{dah4dRrwUH6=k({);{uh1E5e1y<MW=atG5xjW0&nO4iqR@Q~bpJj4
z_sOr5)>r8K;s}Vqrmo2<4ENtBDerXx$Q*6##gX2B&;R@DK82;0^7o_#E9%KTLaQhX
zLbP_Bp)*Fem?FH&;?A5zjO`~rnqo?P6h~+tWO6~+uEdle5@l&XsAA!;v6x~@buaeK
zlpxr5p8o+Y<CGwuWH<<^(`r3=f`(4daa*l-kZ%S}Br%c5!yX97-bv3H40}$m^TEGy
z#}n1P+iD&AKALcoP7p0f8e~koc}>zexy;zK=64gFK}v=bvs00=14~H;WIX11X(asw
zfGCN5MVTeeuG2S=)_N!#-$8FMbk?)s^!lJbb7zE%$V3B>XnW<=k6+`&NJ460FOfC1
zlLB$*Z-hQ;bbE&yT|f427|R{+-vqb8JPrK)n*-Vrk=gbXT&Fj71{&+$!9C#g4LIXQ
z%QtY=gW2?Ydfn|F9uDyJVb=gLY67Bv;H(Gk^tw-G?f_p8{R0ESun~ljv-Y~9*?8FZ
z`n|rn7=uRr2hQ4`^~w0ab$k8Mq0ztJsDIyCPp?N~eBC9ki?6$V6GTsgu%hHUn0CC_
zC%J7naJ$a>aC+_ayZE{{IK<Zj&w$qGQ1@Mi5WXHwuMZCUqru_WH$Ze7f#^DGkC2(`
zdedtUU-!ovf_tB%+B4uBY`HYuv9s>F<00|!b(bxVaoF5(kwyj4G+sqMcW<zP^?QQ@
zXFVDcZ+hJu4!qvsLB}<qjkZN?=&aqra5(E9dfkCHGe8ZuBA%{IJYC0abcWqSXFcf7
zW`_sfY<lgFOa%J(*e-KTjFUVMa_h;+yt%cF&Z#?a)-$);J?P`>L63~h?QC>PUDsK6
z4-ST1-|zY}d~MLL-OuRAoX9~FG`fe*+8Yf<)9bNIhCP#lG@_ziMgqI;nBCdl7+?D%
zWB*6ZkI$g%^z+AO*lK+jd_?DIyd>FztSHjY8OUV%2^y3w8Q13EjON$Lbsb~B`deYy
z%VXJVv`l?x?fU*;z#eSZn;Fa8<hZ$qht3*byQ9I_>m78-^xD{Gn?*?p&C<Zjh<{G$
zCGl2iklmfcQAR%UbI&-kCC&m5hv6Lxq7TH&WYWA3QJ5InQ!t`70F*6o#-vcX3OLU_
zW323gK$fp~#xwXS4A6P(BZ&jL%y8u6)E9_%Epoo~L07lC3q<{l9Sncv5g#%3wd2Pg
zEzVXlqG+<_qU#-Ah7%=D@T3SDZj&429`>EJPyE9JG8}ncZ)o5(zQ_E!2Aol=#Z?_V
zX<?edvO|tV#;oxSX}Lr;OirQ*XR@xnF)e<th;Q)ilJ{nCla#E3ctsUL)73JeE!}^x
z)rHBu3f=n<^`T}LyFk<#eb~0*YDyx!<V>!Qu<r|%sRHXVfsEa#MoEaMw;)T9L1;p}
zV0MR+G|pl#4w3ljc0pisBH~&4oYKcxBql;6@{>4-vaL|L36iUj{!CJaMi#T(^thyI
zEUIz88PYdFg05a&vSkitfyWO|9%XisBJ{)6)%oR?=&M!jZpq_xM~o44hrTx(_h%z~
zec0*iy+3SnGY>|L=pJ+j!?EiRedFkC$-RxoLuY;9c75+~*qvSvT?5pPcYH%z1%A|O
zU65tGCce>U!tUrS_=sj{yhPSAa`TGnK5VtPB98b7r&%z=p3J)l4Jo<}vV{p+byc_A
zXH<uzoiK<perVPs2g%<qPLE%{K6REpTqjdc2PZK2h*&?Kqm?p}tI7Wcp3J21TRiV;
z#(|mSv)gJR^bLCdzfO+dU7fvs^DF#$N!BFAA({mw^eI~4H9=ECB2FHNk041Hth|FR
z2|@4QoqvCE{POG#o7=C?oqhA~Ct2JXcDs9AAEGr*kQOt(MJusd_H(ojFnWJMqIiun
z!gWpbXn&u*T}~>#p2is{W%gh`1IIO08uBi}UUGVtBr;Yxi=`_%3NxzIUUH#&&Y(A9
z%#Q>s_z3ffc@Ga};31MQQpVPcW^sz=2DXOcNTv5QlX{B$ouGbl2M33HjM)&(im+cz
z0CoNyb#CMI2DItCUf;xNwLZ%?j(t9(IP}#t<mWSr$Zh`H&#liL<753%|Ly12XQU^A
zKBGamcj&B#W4G7qcRg=<Jv(6Ey5oVfW-_PW^*sM@=%UYZMS(Ts53R*uz{-}FDt2^V
zS6@G1XjV~>fn9(t)e`#z$!{1bUM4sTrXeu^i0xdi!Yt@`VZ2gXs~W-G_;$5Sh_8<l
zrzS!_1q7z=GU;_R8g{!t{kn&}jyq)MtM4B6ob}l4lm7I&+drI5uSsVp;U5}T{Qf7k
z*J`!i#B4M0G+t%s{js2D=!ex*AIBV(OR#st=p0vS>H{kN^`Fbw$KltC5!y3&q9l#M
z)Dq2)S{=lxFt>j)l16B&gMK0;L2(q`q2tSwvooj$ioJ|+8PB5_k!AcLpnI(jdK*bC
zDN0BR{WVPBq@UA0^c>)Fj*U^w=^bi+ZnOU1V(%skyc<Ye9X-nsce~@dRC~&L25K8z
z_J}|sMb#E9R#Ozga)z;Z^@GTw->SQQx~FVg#KQqc<HwgjA=hOa2>%+(tv_H7*LfPV
z$xd=xBGmK~W2v>ek-cns;WaoR3vLGs`##U_ooThd&r7yy$O9=pZ3B4&%>DzOdsjj2
zaZDkP`7{WbOqIoG8T*Xgo1`Qo5ku}OSdw^^38H$7gY3IFJ&*lM;!TwLnWwJ_BCgg|
zL%>N1q%1|1Nd-20;EbIvdY-bEQ)F6aU%7iPI2WOrZuagIdemxl(CgEyAKt!{?;vQI
zdDjVv)*MIpEkph)2^j;*p2_HL8K>-uyonKeD?ygy8t5E{$x&l#!sw`GZq<}H9i-N~
zrk=A){+gkb{I-(BH4K&kNW_I&4*~<Juopv&<q={?h^nkcHF)GLh<8I*j8PNE#!zF>
z3}<Av3PVb`HNe!ov*u|qpOaKNT1Xk2wPYe6=3=*GFJK9%{g#X$?ligs#V?H6Q8^K(
zLmY%Ix+N)FOMX5y0^L^YVii%zY>SM66ND)fE9`xH!Jx^LB=1>4ba}ykArW0cUVog4
zo%zS{>sObM-9JeQWe?bt%wm!Ie~H-+YUxD?L9njW;aSY-B3^|)u&p#+5|m;Owu_@f
zxg9UXbV0x_V#(G6XT+odz9`7_P!;P9zRqxEA&V@-Db5xoRm;vPs{%HBz<ui}r~|Dm
zVQ<XU`71PAMNp-IO=*qOfW1cm2o6;iqeV<J2vKDB){(ZsM#VXUXr2-(G%X5=KEE+s
z3&TdRI3(3f^A8Z14p)7#iu{!L&?{b(6uAf8F1KI>^N3TTX}C(K2xsVj*K(=f=#6tX
zN`!(02%*L&344Jf?@q`yLXg7$T&1ML4mWSF2H<3fiE%sE?KSLlY~pF)b0ecRD)QiX
zbVKgs0hcX){OJ-@Le8#OoQp75?d5HtGZ$t<Ig&~x06T_}AI!j#D=~Z^EFNG@B&PBt
z3?ELqat92S1Y6vHv%<KKGt7&hnWp3roDk50QKIvoPxxxeNOz?BNaP0($8dK+FD}8l
z1?0K>_8|%r>8oiVE~>0>6TQ4n#OGHeNdqR=BH2$PFC-S;fo&MqM~1<gM1)etkWV??
z<-&>fL3JdmeK39JmOxI6>qzCx3xpXcF<Z=6SC_J#0%h2>@4uQojbiVh)jEcS0@a-6
zGLFyBpw<mZ(YuRRx%I<_c-IFTH<R2@nfizy6xZqX9pKGfr#Em0fOe_wty;_zQeK(-
zXW%m8%sG2H;uS^NT@q7iQs6nbN;K@ybC{FujZe9lUoPhtMg5IZf7RD{$=|}Lf7tCh
zYkci{<nXZ9cgNG~0esybJ8OSDy*}vq(`(WnjHlNOqY5SIXXK80LucI^4+ewb!GY)X
zeSq(d24iPU`iCCAX21@o*MlAang>~afuIK{xXQkEi(dnv(8oy`pwZZM);)ZE=pOd)
z^?2YO`tbDu6Y!_k!@<Bi^xdJ`<ABr-4j%B1xW*lMD5kZ4FxHf;4?Ye2;_!nh8X8BE
zA@NciS2SG(A+HhuEDzA5TS9KaJ2@0Jx^`Qw)@iiBk;llJa!tocLU0P-g7PMy9tlGn
z5q4R;kl;wOkbSUbwNBz?65erw3EEeoe1&}S(s04}Ds;IZVR*ts3`@ZZkPcc6h=e<I
zx`Igb9oOhRmc46e23K=+232Ijpc3w=rS%A_$PbAxZa$<8f6or4R^y0Y<onMga@Jsf
z?+AUz2JSgPno3SBgQf3pEkxZ+!R?Rx17|%P^`_V0hSD1oeC@&XO71=z>o!hrW?_8W
z!Si`a<~WPf+CfX&tI>ytU1vSQ*M4`{BSU=6r~u5f^anP2DS@dSzqE(Kz#Wbbo%Qs3
z+#7U<)9Zt7Z*T~wqd>6q#tw~*#Tiwvk9>R%!O2m!9_ZHc!TA0Mgh2qIFW~Xu>Vp?$
zw`CEh))DW^LuxBY0fny9a}F2^>>sXqw0kW}umI~sgrrS)85&I=iXCKh$lw9oF1zGu
z%8l=y_!o)RY*85R%A{h(jJ)JY=0vCmj|@S<3>A~lAyE%Sjd5rYvK-^)2W-3(Vd0CT
z37fw#<p2|A>xmfI+Xx|xZL_+<<Di0jECo@|L1wWuOCsJ|Is3kObq?jHg}Y))b9yhp
zqD>+tp+toEFeMzR66s*vG?Yr<)(}vXtkNW=2IDoZljG<Dr{tWgFW<<Z0HKK6A)Vla
zYdN^(pK<yiu)n%Q9!cdrQxgE{pHhYB=m8I|tDp`G(=Q2z%gwm7h1zO%XSoT!jNwJ!
zF;alu*UIs5_iYd9(Lw)Lh4e%5DE;x!<R$vrHoL&7@5R2T7i+N=zzECfE%6OkL}erb
zhJauiC}m||sCdogtquU6u%j+x-es19+TMlyAOHfseMSqQ6jI$*>ov?$IQdvd83eG?
zXgvXDC5V)He}Ya-M}sU*pf6~Br(x{f=p(>x8(mE)`EA8$)oHX2(l`RT^|Mk(S<dy@
zf>2^Aoa0D83q8}<^!_`psCExHJZ{lrbj0+oPLz|Hvm{v>coziJeL*y*6Er0dW)Mkt
zbuW(AB+UQ{r?7&Ii9L87M~rn;YLfDSQgaBknD8xBE*82^>ZLeQiXV%xbB4AFc(~9_
z=c_k@F|#LW9Q_ziLAsSIyGrIM7RH$=)NNe5x|4b^;zVkJDUq6-(`fxOPL0hr+^p`u
z*{<GfcVzfUrJ1mnMX@x#S+Q9cucUSZ95cXyW>OOvH9<Tyz}bEX9<nhhjv-a88C-08
zUpHjUtwTqna+}5sAyBmgIt&Ab?TWIWOK>rd!b7RE`y=r8lwb$N!@`*)9EL)P1WL$A
zYtC*Cs5nd-4A)4*G_oY*+)Qa%h*K-mB%Npw52bu#6YLx3P!ltGd4<MAbfH@-Q7W}4
z+pAG3zpq!MjJqRe?a!vy{_yZ{I6j>9#rLJ+SDgj~M9^XB_x%bTNTpV0==MPPIrIna
zfj^vi2V5;vCKPEcNRM&z-vuAhJjKf;PGQ4A38oqxKHSOZDWC_f*WC6iY>I}>Ojr%Q
zIJsj-T0p%Ps#WeADxLf+Cqj9P0xBg8ANebb5P@WZLs3IaVKZ)B8Wz@+EaQv-l@RVO
zdc{?j5r`T#kq1)~$(WSPd30VDS#}vh7tXk+SoFmq!s(m~I*emxKb^;nMGhhqr@nA?
z6#khRPUj?JzbmK%!N>t+@Ng0c^Lk2tTLmfMp@y(tGC&G~_*fG!#FXY-dKBEgaFhGv
zE-X9FrMC}l{e9ha9d*0T+8qq0*Pibl_B?!zudA<d>oY3Ra&X1uf$OZh-e5Gt*Q3Mn
zZ07S3$~7OgmvzuPbk^O&>2-H7z}Mbk-zTX05^tg){l=69oN3~4tuH1+F$}y6O-Xi3
zNTldAq?-yu#`sE2jOHa<>cV^<$McY&*F3Y85%8c1j1)DD+afAt%QP08n51*cM&l|v
zOu-^9Y}+$}vsFqUEHff&l1i5d;-l%E6*8+mA6gu5jkYk-6wxr4ac!6Zw$!}AR_N6I
ziJ@ZG+%h)M!_+hEfN*oE=9DKgx?v&?nUp}qlzapDgGtkak$&5Ggw;e8WqAW$={lq|
zpq41iXqlXg$b6x}3|g(T8JdXmcFxb*#H8XckRM0SG9;4bt)dmx3Rt0CG5|i9`h76c
z0u&F#I-3Do2JUDKK{5*>hF_3rFCiLpA4j~#K`3W0oqUvBY2fR&TKND~0Hq>6vIPlv
z)R6WVlA@}^4vO%n=a%gS2@^%ft&pz!FNbkv52YbcJ}Z-4Hnj=7EK}^=tP=Dgo`TEp
zg#TTZd2OOVA8?x-6o6smho3Rx3&vM)#gl5jRxhr;SX@KM#Sro_32}s_-w1bygXhvm
zL`(2ER4yfGa{SBX^~LG;XK&w3EcYeK!!gihA5B-@4bd*D&ZyNAxFblH&Cz>-igntA
zRiu16K#B?DZ)QR~5Vn=+InEYpv|)a#!rf!?<MGeO*Kg0SE+<Ch*#IKXtS4U6xxW0N
z#3@F4eSy=L+8N;uZEAnj0TeRMvxXx0vod`ETOdD;lY}cHI04YXbsUJEfc98uSdDxA
zT^cVZFLH9AabHhMn|S%31qR^u|0YK8-b+Ws4mvqg?rvF((p6+?5cx?0|NFjk;Pe~?
zt1Dkns-5uB1lUx5O2kVbZz6De;$WH~GkDH8H1@9rh8U-QZ!|&A108=BMCkpb&v=LN
z<k#m<`mQ_P+jG#_4Bf@6XDLxoC0QuKd%>DYXEb)v0x!tIJ7AC}rYs+lIri=@a<dS5
zakvnhr7I#XbKh}$59T7$@Arf^U|$3!yv8>~=gP4kFU`v5?y30JKv11KjAkL8^H?`{
z#qzE_astQF9YiyV3f@B!?|x56UjX+IaXWG;e`+)QP5FJB%Wufr=l`nXnVq4lM|KD9
zz*!%R4|-#F<_!)<GlR#Kvpf*{`d%6uu2MXk1s+fNr7ewizEnT<=)M<69!WBlvzc~;
zU>8Jl`Q84LjKk|B3}8U$9@jN8n({3UapaMddpTVQhinnC<E>~GFN1%o<Hb)w2rgBO
zxfSYccri^)4r}&Gv^p)DR8iYmiHvc~#@ZTiVnt$NicZ+_ml7LKMTE$+2^0XuDLV=z
z6|qMzP5&9a=(o4GrfD}N+$gqx%wEc07C}bXa$KxJvd4~hNN^fKo)iP`2jgt}J;~Yt
z+@W%X{g$&Y7jZ}g119}VJtiDk4zaA!OESwf5zL<fNEWhJ!#$Xd$32t`I>6P8aG4Xu
z5%-_SJ@vMy#F2E8&_Ed%ykt@aLF6M|CgKF=BA*;|5@H_9xxg8>M+#qg4CmY=ath5_
zdIa|P;n3Qs?n9{;ABuWaX(3#v?>esaS6^#EYNY$F?gfAKa#XJSU@r3P^z>R9t_V@q
z93A67h1d9b8c#)ZuuqaOz7tu3uo-yZg)5qo6#Z|+g-{9DZMCG+z|Y68-kn}vU%q?&
z`uO4>&XU`<g(&z6GsfuL;7$7??&~kJ=UvBj%TB<iJ@1yDfcn>QV2(T-=HJ6Z8R{X$
zfwQ-7E~V{GNDLHIA|LOx!eP$1{J^{6dKM`T@YU^jVW5EbRY3bJn9D#H8JeODF4BG@
zBxuH^5(VPHxI6dIaV037=S(?lwZ1a8>`3fV>npY+M<TNDtMY|DV#}=Xb?eP8!l#=Y
zr*mOx>GOaz&LJwkJeTM~v^-z}Hd|4U_=ItuN3kmngm4eHR`ycrCQOeS2JXRBSKYqi
zoezXdiM<9!Q0PQ892K*AWq1yz{E4OEUdUh*nVy5Anc?{h9{(gBoyiCP#&x-|5Qj++
z5k1(DTm98cZpjp-ah#!em9f{4ttEJ-`$4KY4T=~F36Lvg0L=u0GdJldgB(oPnWu5Q
zzH|JEsl+LSOsTOn&0YqS$+A|uxaz04<0=sPwlr$)Zf@S~=zZ;OWE}=do){az8C8Qo
zBTPN5p;Lrev{#n^;)s+wR_OPRf4NkdSH4f<Rl-?YloD_xA`;F>K2i4B7b=pxg}Ksn
z%%w~P^TFINx_$kej-0O2m~-aeNTSCJT!@xKr`H9?IZ%KIQ#5;8q3^KU?RNRxuq`qe
z>QV*CJuF1Ui)#kbC`p$ASAuoIc#fuIf!9I2N-dVYaCnD~dr$xiJI6Hx=dq7o1~gsq
zZT)uTvo~ZD$g$zmc*E$)%K!{tlYMqiRk#*Ux1qa@WH%KE9M4eT#Swab8{7njfB_2>
z-$r}7^RO@t%t;yF5R}Ws$wOIW;7f)$ql=(gIeMO~Jp=TBJu)%|ULJpjo6WLN){38+
zX-wHH=5q*-;Z{q*#0YkX+aJGzS-|VcNhSD<Ds{{ZTn9u)73dWZik@?Cv?qf>&p`CS
zn8$A4aWz=w3&tex$S+MJAS5C-l8EqjGyu2Ny2Om_{HLH25<Pe^bUWqLWNGE#hKU~1
zTa1YwD%MLx{rRPFtrOV)%Z%;8k&xN#aAP*~Lj~CM4h*4fC>%~vf>XRCjC+<E^U?xB
z@Ft0Sue1iDyp*_<Vzq@HUbTt*D#(!?A16ZpMey$BvCtvQ&e+Vwd5bCHY6Nz5%fXu+
z)U3xkOO&)G6cagDC_IGm{XGQRiacG)A&@^VwW^*B(;K?ab5nP4!UMS(Q55paK40pN
zR3dfQ<?Bp^N@f2EgzKj3Aewiw1z}7viLwrVsyack=b%Zc{%L}I!o8G&85fWx(mtU<
zD%=L+RYtU<tWY?yU!vG29Y*#-#sUdkJGYFxk*>g0U#O93`ov+ip8G;RvXd7KFG@17
zZrui9D35}Ahv9^H`i!Y)Xz9GnSm4`0WE?h!R3IiC@)WYL>6dG$qRe9LLJd=XNAaAz
zW<n1r$3(e8^9OyZv|dFyv4U>~m`{|yeHXkrWS@s3i0oST^qXFLzAbt85?<(l_{tJ0
z4*2bYK*Tjf92cJei`cVwAi7hU6Os8&h+`ry8m~#o6JpR{;H|Ki1#9w>U_T5Za!I^6
z@~QBq%kC0_rYi_QkfI^K^c^paqYv@a&Nt8(v83FBZJL8(KcCZgN`&(sMB3-!@UTv9
zeq6-27x)&+wn&k|N>u!eTB(Yqr?ybR%2@wC58^EN6lwE`wA^sxV<}tQg$%w!E(TRG
z&MISPU&M-mj=IblQr?n_IL_Xs;lxOm!_Tnkma6sB&dmW(x3$ao#+w6*zWExtj(g~Q
z)Z;#su+7f7tHHXhi5VLVyf~d0Hk0s9Fz8vF%bs97Ih;d2Ifh^Xp4yElu~!Yo`Ow_k
zZ%N&V#&8e3FwkCB9*)3K0)yZsp8sEtFB}bctm0cB7h@b5Mw~LHOm!S7E?*e$;i_{x
zE-;D{gL;|{UMayj^Y#yzE`pOdP0-K6A18}V?V9jgWe-|s%~}{n+KDljVe6cSkW@=U
z6OoK<nLyT?@J={=LnUYb1quoFbt=6eTH`SA4VD|0=SB}X*me2(Wd`X!k9x|>=GE4J
z#HW$n>F#cU)wiv3JK0}^rP5gI?gQPa@z@zCsE4huL?r>?+M!7qjoGuAN<S3&94d$H
za3Wmv;gQARExx1jt(DJv>nn5_ER!&p-7)zi@VH;S2?Ll#@x|3Dibyz7=R1y$B;XY#
zXtrWE{I?Yj;SH0ao@z1&54S>n1$5k+S-CW2;tt4Fg=U2K?3Gf@wbkhRAg?@TL$7&?
z7%5r$I4Nt?V@!&GI23gil299eKv!i%gRF5%cMb{a_XfYJ(H_cN#1>I$C_t&#lt*dG
znk<7TSgw}Zxh5y4nmmiXM!ljUuHZ2<DapD5SFlmv0)gl%gJ0f0FSL)b(l>%fP$bo~
zJ;_-w16l|q(0Axu<W(&U-4ju1rdNS1_*2O1#dGX%zbfM=1#0kc=fd51MMm0mcvDC=
zWj1x4o@Rx6(omoyGs-xh1ZRth>Y}s>KH&+X<ozmNY(ex?ceik`&vMm5g_t1~09fS^
z%!$<Mkb<Yj2@btgDD0L}E3}G&-&RC)KYJ<NGQnXfh%8QYcXH4hcO^M+WlrQ04NERX
z2hTyG`wd#HtGgry=ggAJ^njj}y-{C1Xs)3h`aZ~hSWQI$HPR`sxnKeex3GM?y1L9|
zE$9o^$=uc&CxSEV(kT`8nBQ>)oFFQHW$Se*T-z>5riV}(CRls5uE!=TzzASUKu*To
z$eqNz&=pK7%hF)V<amtU#6D5(`+b=(9|Fost`SddaOiY-f?7;ZtX~FW1xC0`nn~28
zEpCYu(AlWAV_{el6e}XP@J@1#d5$qG7?Qy0g2!wdH^v$lm`Po~O!kv$5S5qJTfwSx
z-5h9Mh|kerFGwKcwG@QG=7)Qzy__CSlpkq}ms=vrFY(6<E?LualKv3W>@rJp$8Cv$
zLGe~;D*U}f;5ZP7pR7DO`s_X61oX0WMUL=_IPe6rEt(cdy-!wXv{3KWw0G1%Gyt1j
zE`XD3WlVN6r#|4p`0~E<^zElA5*3n{8veyI?u=-7%ib>HP#L^5l)iRhv7D0-P9c9R
zJ9Qqva$FKUQ;DhjB6+(-zm5g{5=HOg2>ld9K6pL6VE;dc|385LKSX~+yc&#z=5hi<
z(cesOP_`;(f{oQ8V{B!11aNQ|rt#XquiI)h>iV4V5v=PT<Q?RCPLb*g!h2<2>N4HJ
zM2&YSm&25=*uH?TZo;<e_@Aqkpl`!?ibUE<y{QN6Jk~u#kf@yJlDAA*;`-TDsd9cu
z3dD%B==?IcMyl~XPc<&hHMxtGl3B<E*@)aWxMZ$^2nL|?SJ~k7gaMyxNmSpyfz3qa
zD4&$Nt}nQbR78#DA#0dDiBH*;H%c2<Cwwr=FHf{zJWz9<CqQsD|6OyJ^%-UO@Eo_#
z(p7X!-^5WG$JsM3Qi!q}p5+qJ<)n)zCx^Os#)EBM`<LL7#8$oa75cB&uX5!j*c&a<
zqcg;3cpay#8-HxR5&^`^V4kWRlH4h~>vYj`U9A(XdwZ>~P&}KF$d?vXI~_X=()vmg
zyke$yw%RG_fF6jC1!)$7Ok`JJ->fKMixs8>`*%!cN(oOj8)T$nJiDO3<XOxIn}?W8
ziVpsh%I+dbf3Bx6$$n)h^7xs+ps~MgA@mh@l9*_h4qNeey9m66k{qde?W7h6AgI&~
z5=e<T85-siwaVtj5)yn^JFPwMMb%l5Hr#h-+J?YWNz4K-z#*C#sr>otY#hXi@2?oW
z!Xa<bYJC@{;$-pk8Z=8+f)4<;DPO>(;Bp>Bvp8My?vR~VS25ruwdc5p{Gu>=$7q#7
zqXvggUlSM2aK0!DdVHb1IcoeeDSPF=!$Alf+?|Nib?8FygD99m%xjvmTjqHyng5{Y
zxCg?6;|NWbm}X3h!)yFDfyD%N8)zQaLyAkJ`$Ax$7cZA2@})x2aP)#G9sYi6Y7ZT|
z+TD3STP8As486wiWWje>W-anCkeY;~z%WC6u}+%$VTqId4>ZHx4I{@MN!j5l@q$!%
zgSQN$#HP!F^i#OSsYrEt1~(1bh@8{=E1K>@mY)4w=^EB;BHV63w>{HYhd_lX7ne8x
z1xp1npi@#iLHPHXO4`m6B0SSh7RRCNY@~+0<c^_S$h6!&n8*uEeTi#m0Gx<+8JB>;
z0?5zLal$w?ND_oHd_y9x371B0fXqdd|5}Dz>R?T0IFzZ60G{yfx(dR~PN&VuEKqon
z?~$xY7$@xcF!~F%g*e8M*7uky3u>w!pqo}*6!-wCq%=}nqIVasbYF2!WVrT8h<Rov
zsCaZ|X8i)&R}dQGcFTA&TjwpSI`dg;v%CZ{C<kID`Q{3ZEBW%vo=Syh@(j`uUNG!Q
z?8EE~-lL?20;olyFrbi195NB{NL}4bA4db@TQa4wcf%v;>>wO)Q{xm%dZeW|fF+_K
zrVB>ye>{Ej)7hKL>vtEgWRf#EprM+|vF^*5X11v(lf_kxeEU5SeWbsap152+p&J!K
zm$g+qU+2uj2~V*f=pAt_zf&FBl;^YncX=4aKFAz6JWkun@E&ATs>sBBRPzF64J@1G
z7UW!PsEL&Tai}2ZxU6_)M3`T!LQ>WdUKLRqq)CL6O!_wvIsXQIrv;HKwVnC<^u!&E
z4>lB(DFq{I%Lt7g1GA^_ccnJRR}_Qsr!tOHwJRarK*+3uE3zi>EJ$f)6b$P*p#Hyt
zloBHU+{|E)6o*H>4xhqA5MZ7930BUaLXLtgP=hjjapYqlSe)P~^A%^!VoI2xj&3m%
zVMKe?7+zVOgIl=f<>(N*<O`fZVgSPF{wa48K0^P9R~)q1oX#zoF5>t`C}tsOAz4ks
zz>{OXV4PuCl6apH9O0s?dWwwDVGKU<jE9wA<XV`?@cB9l=V<B5tlG(148igP=57y~
z$f-s~P>+!iRhcQeP${;rn)h0*w~;cs^Aa$AkV*lu!~Px25DCD5BRPfKgUY?E#c!hL
zcR@&~jP&Lin1mkViF>GqchSq(ND3touxn9J)w+wmgF`B%YwcI!1yb1(r*mCiNKnfe
z=N}YHB>)bkgD?jEO;YmCVC=d*)yCDyEaXN@Cn$6g$C>dc57n`b%+xQ+bscLEe6eI4
z?3C!#Gf?;@yhCy1kr&d{lV483aLJQ1;4Ch85)e~Wj)9c(LDWzq&alVmJ{&Y5BujOn
zk+)9)@1k5Bja7wB*GG)Pq(eiz=IUTBe`Z2<ttyD8=PfKBAQL&Q<B-O><Og_xFvibt
zVSPSu`kld^T!X&TM>1MS92j8|kjIf>_M<ZXNM+iSUT@qzP(XU1{NQd&Ixi^rr=>wg
zghBJWG+qi_pM=uycKaISsNZk#IY63Mi$XJiPkMdV9jH;kNeOJ@{Q7<RgrsK0X2~ze
z4E_H5zPMWZB0*@J-Z|)8N`yhy;{KJZD3fQ1>+Gv8Eo&~c_j)<&PB3HDRhfI~1<g)1
zlPhHMQqWOw?tO;daLu6b(9c;5dQQ*jviB#2+nf@{w(68hAbJalyVW{T49(=?^#5L8
zoL*i0<ND<7n>VK?SKOh>?ZSWO!CDLdP&hveL={UYGqXyZR$1+gGJmXZS}oWQDL8rM
zf>U+ofRy}p!KNiL!A>Om<Mh-i=NDJ~;7ZezmlAe(0vyuLl!t`ccAviLlY8fd)qMhr
zvv-sT;gA0f5ffbP!QDZWtOr^*cnqXx-6~tesYr&U>|_j-<O?qd4ww9t2^AIwjx*CR
zyA>hBQGBZi%m2?{EBsid30y&Ah|7^hlb{5lpmd^(*khk$I0&iEZp&BEX`S<@B8oF2
zV@-)#dx5k7g{CRtBECq;z-Iv!x4RYTuF&6#nxlW60K?u;g^}{V#yV6`X>=HWZS?9n
z{R8W-Lmevkx%5;D=&m(#&+1hfmS{ldEVd3yyuYud+wax*T0)C~sCUW>6Bq80bQeSu
zVc>Wfq!Ur1SVU?V7JCV4SjKsmYoPMwpx|MCM)QFn7P-;tKIv#92OenuSzD(a&k*Ck
zUz2pME#8KQbm2z@5`^`$$WAKsaTz*>WG|BnDetBi!c)_Jk#QIz3SkrS;;n$r<SS;9
zj~+=fG|BD~GC|Wj!x<!7kfk<2@t8t6sK!{;bb%MdCz+9pKw7>G-&ozTYxtF~D6ukY
z3S*4a7fUG^GWVF*LP9I8I{NNR%hY*g12DbjKEpSTMQa5mw;Gg^>50^ulZcV*m=Vww
zMLdjwt*IDRV(aph&*pv*o{bjL8JWHZrn9s*zypk4t98PQK9~nf9}~TiH82Yn84cgf
z<7iu*#ELdVwq$#ZI!p4LfZop97F(ky;dLcEhJlVM=1df|GDS)aTcHS_(`t1rzV#*F
zBzn%Xwxx0<bIlC)w)6+?l$rZYuq2|SV(!Naf_?c5pP+kKwqROin35$~PDzTE#9A#8
zeRLsyeoZC?ATnu?7UP#Vy;&uQn=%+HX+q>bekXsEJHR#mdD!G5@m3jV+<Y^EL@dgw
zDdt$Tg9s5vgX|(uF`24vp$4f|{m86FjBYAhPk!?oX`a>rZrPWeHxL%aiIG@NV3^}f
zb6NA`yg;*aTtcEJHPKj{^pvGtw_0sWuerq|zi*X+l;=O6l$BZ5z`A)Fq285-bj$^<
z$OV*o<n{;0Wt=Ef&Qz(el+Ef%uh$ixR=llr2*VKj0+ScJp%`*)ANP5JboSU7K{K3M
zEEAjtRL0!6+Mc4ew^Beg0`$yP{a{;8jYA_yr<B~Jx<~|TC=7;wT}Id~WsB<>;ZX%!
zT$`Vxr&2TXzk1CW;gN~2$#g$N&{202AKdS$D+ElWJT;7i61H+<*qr0KC}U9eXuExB
z8so>CYee9<Y0Hjo+bdE68STSOf@kNtu`3HF@5*Udx4xghT#>1}aG*$4ghQZs)aJwN
zmNFVswxk)3{)xE;E{F)4rx>C!gku8br9Op=s2F8mg>;I{a;AobZMK8XL{q2_0dlvj
zK&(_WI(q=1`&@>1hIf0~Xd;RcsR66Oot>l9l8aq-)TMH?koT_SF~;<+D3}yF3f47<
z79<UHIR~E9(@<Hsb`q;R>&FR?tk^VA^#U0wU^AYlILgqoTby}|XQlx^i_tR(iK5RW
zDpbcP(12Iz2=d<S22wqw)m8j-LiS?YB&(admOZi{<#AXg&x))d8ZU`{QG$r?lBh%i
z%9#p~LNAXx!tx03I3f&3u)jcLJ6A};jb%?0oX{Ee2>SH9G2?E*|ITE1#2vQ0+huKX
zSRT_%Jdv75E@pcnu7r`7p$z@pjp<DguY84T*KrYOxx6@$rUsrh9^$MCRFY?+-yK&s
z3HvwK(`IQPOEo2T6`C!XaG4z;8)g(o#6edJ47T4@C|oxbD`6Zq$il6BEdy$x-<8Gn
z%MFKe4^)iYS%gyJ0jbvEHFZWuBOMzG<7iG&6cHvjVp-DEbq=lah_Hy}Qvrc}+<6U9
zWo!mPlrErHt;%L2Znea#?K+I(*5G8KDDc{Z#fVp#1Vh^zm%h3|`D!Hm0&tL~{@J`t
zvYuytJK=E_D7?FP^}_Juk5{1|J<E)Maa<f)DMA6qp8dQSm)Cwxw9bE`#7Ds*`muK-
z*)xjR1Gk220IT?;;l~UEy7quZLYMDT?2&Vl2H>0>N4~mrx_4C`HOhokD?t{ct*ws5
zM;$Td$^1^cjUDwI_DhK(k%3}>c%rSI(`C&n@@(}-3R737+JIxn$Occ7tDDGFpUP;x
z;LDz6*jq@4aqfluGN8s;OV(biHJMC+V9PYdM=gXp@PZy86JU!mY)~ef0Xb@M4(=w1
z{3DqGUwr2W^yUrpU)~-6bjg|<zr4FRJ3{+(HC5qEbpL;wf1bVkW?y=bfI^?{zdpGJ
zP=Zgg{~(xVE4nX|zo&Hnb>O8jjc1v25-*cgM)ujbbYEjLnN0NZi7L3~vHwct-m*<Q
zGIv5SvrIhDd(di~%gAAf#Ke>!N+NE-o!AyHCDKSMRS-#^O{4Z6z?C`W9td2o)#8?S
zEL_Ss8zdoQB;vFr2QqKf0$AN@zb-2Po^o$@@ZFkdT5%{&tJI+=hh?1xVNy~(nRQhs
zoj<H4svf)N5fj*j4US9f0Tm`tX+(qQV8$7EIPysNH%xCJZ2-7?!GnzFIEbWQM36m$
zaDs_S8ge4iKTRC;j*{6b<O_KhuY`9pTSZROVlX?!)Wh5n4c`!oC}VK4U};Qqe9!VD
z1(CB<;>?!-%KcR<a=Hg98K+Q=HWE4e6#{6j?ZvgMD7|hIL6s*+)q<)nwp=f$_QsZ=
zYS?+?-i%}v4pj;V@qX#z2$4!{04IPwON>pRq2eK*xa09*7b#P1E@9Vx!p_V7Iv}^~
zUk(ov{7?4pGyiM1KOBq>#^dof3acR!p+PcNvC_o1S`$v4<%yr5&Npy;1q=Uu7*BDC
zbaG?%vw+4^1N^`L|NjTQ=DL$(u3|so(%nSr=LCrW?OZvd!H=!NcYxkn)r0be2w*xy
zd6i?GmIw)*F*-3#5~7`vzQ{aHK<92q0&+P9Zuo^@Mi*Fys7l9zEasQq0oN%emx8f*
z?j;69PG^agd11n4$~EKk$aqxkR{YgezGYn7*b(l7@=3J^J2K~WEx46yqk;2*#u0zf
zfHBayUZ74C#5GY-KUMI#R#95c%1*w2`}X@+r`N~l=daFAj<3$%zPUcRIDL8g=IZSD
z)#aq3G=!#EeI8+B)LSs>R9WnE$&=D62w0l*bWF-1ANh_vPw$&G)Lx3pr^*rT5mr6v
zIvD$VP=VHThlk@cC)qy8+56z0YY<JUYFO~~S6T_dYb)P6iqcgS1<~B$Vwv8lG!EGl
z!s(%O)DW?1A`417#h#NA?5hxe?imB$%T#G9*CQJt=1~Q@po+|yXTIl0t=2c_TLK{f
zT%90v-jrA?z{AnRM7ehZ1us?J9A}0<lpjX~g~5E0g?B=|zX;}w@D5>r9Z*r;R~Zr6
zvki;Pps)vZ8fOccDHF?Z^L*+zQC&hVE*3f<^E;pfqPyA^zV<0mUKVC8HEmSXN8T;Q
zlE{^mZgWsX8|Bg~2!yZh65!19%D)4xp$CqV5gXSTJ8pL(^fRJ_vJRw`bhrjxWk6DX
zJ>G)&tB|B`?3{Npw9rmx&Gi$ij{@3Upl!8&Aw0lKl%oY(BK9)vxgxixT=l@s0P+%u
zQhDOhVYeGi&fi`NcPYbfy`pfs2$2HEZb)hi(Iq}Z)qy)$jG0OaP2z}$w)0wfGE`eo
zIa%yPhKbdxtc_49U@B)!!kEwn_HRiTnqAnPy--?(BPOE0zv9zpgWIdcwdnWp%ASVt
zbe|s*o+MBdAft9S;RLqy_n>lr$y7BG3<ECS10rduKiXcawb|#4$Py`Rf%!p`MNBbe
zWDr_q@ePTj^fLyDMb=|4xjXs#TyiO&10AhS@Bx{{dR?ct=d|9$8972{qBc_L1)awt
zkCb!_E%h?xPYiFRVvzezf7lsLbae?ewZoQ7aYcM}e=bS3O3*LCKXD4WZ6*zvMqaAA
zAGBJhkfqctz9?M06B2RNxKZF3#nTVO%U%GP|FEK&imfyXdojRck;+q9IyuYXft}M<
zM?(dwm}@B{3&1e;?;^YmJd~_G9obCv5F_mhJu%Junrs=R+#!8+N_pguk%gr7QlyUp
zR!>}R?x<}Qc-Br2$|Upx5Dr4fTrCrW-QtwJ<NTH?^SfMH!x6!X@6z8J`NQ>>+&XUg
z&l`~BU5T>=Nn0IcIk>35g?2}+-cV@?WjF`tNq`OmNxy}<bL`m+W+hrs&BmekG9F~?
z_J^gUhpqa)oyP?l?<sr+t=0*IGiDUAXM+zY6P_Dkg7l7NWcix$M{~#m#xp#s+;(ua
zrgw-P>J=p^)o#S$9b*L$&e;AdS5h0G2zmTb%XXsd!wcjEJm!AI`Ej{Us$Kx_E*3Dg
zF#UeN-*{nIW4$msS)swEYF}ANBZN%O1sm?5Jxh6E_K+<G@J8@nzL%i@!^3X3tFhw4
zJ1QzVaN=~nFZ7~N_a`LT{xY5hA$bCg_bo^oW!ExWN#bf1Wi<@;+-;uCW$5-^2aTp6
z*0n$GHC|TMR-@Q$wca;jH}3I}?o~W1?3}XKYf3D+*>;5yU4>%LkyR4QA&Mv`PIQdA
z<E;*Yib9AiaS-Np@bJ?q`(*+u>(z34#+HiFkb+~=5f3V5WGD8?5qk6X;`K2bAX+U?
zg?kY_Dsl2Re@DOn-s+&zvYAJyE%O(*Efu`f93a%u@5~8KF0<71@ic#$Kw~RspZU$Z
zl>b?py5<PA`@OcI0&i<n^w;pHz+dcIkn~*|9-&FQB+;_iur|j@`O-2u-<S^-qJKx2
z;?7rL2(B(ia(=n*C%QvA*S$qaS@pMk1mxd=1(W|}{QC;eHDEsdi6d04flrjmlUJ;i
z4U;rj2O*ggUpLp^>2^}5|0-Ap*-5fec&JcOCuBcS$4gcf-CmProZeOUT*B|g&SIm>
zM-{1oE5;RFD@Rtn^J8bKpr7h>b@dOKIa4*$zSl>nZDss#i(?Y_A$c7{tBg>+clx`D
zY{ode$Rj5>IYK>mFdiKAM}u+8*m@)F+fl_vmlh}G4Z+*u|6}i8x7#+deNlXU=2O(4
z>i@BnBT~2#B(zrdK8oxlPJGdp>}2<LXP8BxC?N&`E&!CQmE<|jr}J{>NzSM_>oN-f
zB{|)_FJr9q7;T#XX5DAa>u-+iNBXZ6fclh;ku~VfZ>#K5NC6PgGOb74{HUqBv3L4M
z3vhhO+Ipwk9I*W3;q^UFw|oyD4F%AU7o528Q#RHy@sbH?I|O>f_%?qh)rwPncoo9@
z+x06b<_HhXf+M$78$mw#)?kLdEzi}bgKtCL+EvTjylL~aG4H_Wb!sPDl2{8J4lR^j
z8m@|C)GFNzg8*7sor;(%k!Q;h0u3ChaC#traV{tGyB0+8t9~oE-&|^7w&YpH_FsMu
z2!|kPjuRz+b?(B3ffYWZxICST!HPbdoIL_$*OR6a{^aKq$HT@Hkf#E_%GdqU{6tcg
z3S8CFYx<Q&!Z>_?`Ra%kk4AH}DbtN|D4-7Ha6SmK4Mfm@WCJ0Z7j<5?D(qsTL{TSO
z?g{#}F&G}R)ehA>%mx6^-IPn+0KhJGW#;DOgSvS29a>U!uLi=amD&EhsCJn~#-ge5
zI`{riVaAl#Xs|4Iw`j7RK=lI5$*byhO@7pZ-b_`Jf@lb(o8eSw^9}*@uWbc!*51_B
z?)rvtsWt*?9Yo65FnU2DS$r&B(O0NUbkYDyhtxeFakXf~DRXiqt%m^Zs>)supvBz;
zWKHVuz>jBsU`IZOlLdPjvTv1ns;I8v-7tubMp9tN+f$Yb5s1|~S(vZm(Fps@K5q&G
zr<ga*R$!iwq!G>MmIn8O*(yoaiJ>tYjXEj8SltRfjT8H6wD5w=k5c<-gls_tOLb=t
z`X9xXK)9G^$(%>2ArOv6pm#&I?pPoH_m{86s_uzq4M>ZOV;!us^(+hnLrY~+<GyTY
z=|2b(z2U|{3S}}S#b8c`=f|r>vRbd#hN3?jodHh8z1Bhr0fc)1P)@uPUsq+`Ry7dz
zqZuK*5F$?3o^J?yqtVWVP1NDgsv@?{(1ATFNqTfCVlPbBK^CkO$q0fF8vzPg)&aUw
zpD*m^t58I%h)0R}Jb(ZR;9>eQf`aH^T{%4PXGt8AjTps&2t0pozE@`J?+Gx6C^NMo
zRrsVN6U}`~W}c?WY8IuIj72%N2o9x2_@bdltmW5@6fsa8X`zINf<fCta96F9E0MrN
ze(|s9GJp#BU`NMt)f2l-w4w4&@LPeF%XP8)41J%)WKm~nm?eQHbl(BATl<>HwgX0L
zeJd@&vH+SMnbt*^c!^kv(9oRq8M57bm=mp?sghdY1(uqa&%?m;d2FafrW9VYTTQTd
zy^V8h(wc7-&xjTw>6h>#FYtX;SkOl#ZrLx_ZwgQ}E;7s6PgjnY_wc|E!-RA)OTu}y
zp3O5uS{-ARi>6cV5Bw;h-vu#`vtX4Z<~wW7;A^M{dat5GR9AGp4;bBoaHTZxMYae-
z-;nY~BgkD>)>teR=LR(*dntvGtQ$ziq<4H4uTyUpc{(*qj_UcFEB4>3(iZkG>lV%D
zWM^eONPN$mhvs8n^+zQ|BcNFOm=ptqXAxb-x!_r_u!JoiBK)UQunWjUgv=re!+17Z
z=v-4D;xIXE2U~6T#b(>yKhJA@D@rm^LReVJ*Q?kIyu^|TM<WD`%h$|J8`9V3N~|kW
z<2{EX6#101`GLP!d*O^w4J>+w(q1--Q-fQn5H(0G^{zl375Vhe75<C|^L4ba1bu}F
zcO!Vw-e95G7S$Vhg>JXXgP?EpOceYcw*G>y^CFn7!a$^C9z7DKcEii8u(4lSg6slx
z>QG-vKJlGfCl$$RHnSb~7iPIFY76!&AvbFfgq|0yg1P+=g%n1BCFNK1gfy3CzL=%q
zjN7l`(TEi2Qt4fiuTv&S+zIbqUD1+%M);F$&F199@-WK6)hbPGTeA^VSilUAZI!Wx
zfO@%bpGYqv$8|N!*3mkf+m-Mm-FG)R4Ug_iT8;{*eioAcWxnvEz+Xp}UWolW@WUvc
zvqS8s2FjF!RT{t%QuE0zxn7B2vF1J*Z7?$RO9p#{7;JbNr$90C$Xdl|EFv%RW|pFl
z{p)6l9qV7#h}xiuDo(y2=Q+scVzye(154C%<tGK<QS&=c>K)-O41GdtKIfb#e6}{U
z5?hh^&D(b`uBPqh7SwRTIytd7RnuyzCk%Zm^>_=hj)R3~s4k@Vxh;5ZU}|>?>3qX~
zscM^9CTRt8dL_<df6f!KW#$9<_SXEPFe|9>0A@g$zXXX=u_~G+Ga<Y%G(;69a3jY<
zQQk_Z>aGw@z|4ZhO>F+E6%!5*{9qOnmX<_m;)P*iXIGsbx*vfNtART@$UF<y3!m(r
zNI`*tq)O5g^HOeiKa7z`NDiErt<p?nft@{dK2U!HofzBpDQAk4fcqlMERPB7wlD|Y
z$ug`mY~AzdG>3CBUlTHZx8lRTqb^sm$k!shPYV}AlE5=Uzv<Bsi*>y6IB9Sw@p~)E
z<|bdas-m9dTd;x&-F?v_oh^72>YWUk-=qgCd4X@GT9v2jtooEet-OGXP+e*V?CTEb
z$Y?a#j|VI@6mYY${S7KPRRvw#q6x8KO*LX@$B|N%&Duj$9F@XQRCl5V|9l}}hs!y?
ztLjW6yKH%FLBLbK5ruqv#B7|V#*Kuy2<YHP*};#dgC_^ry9w#tUq%z?mTPJ#t2-ra
z)EdZDWVVQ-DvbMOZR@Wm`1M~#qqBx_m5-zENYue~tO{r>fDx>Ad86NRG+ez_DkpO~
zdI#8bav=F;vuhDiv0`lv^>w*<Q&mso8gT-QQbqnrpxF^1u3yL>PYHDOlyA3<(b~sS
zMpF*<Q(*Q}-Pu$2QaRpXSDmt3e+p6j8aLtB*St+{uny|!hHpP0M#s<i$FF0)-A>)Q
zm<IoOe5yMz!HZyg%m&`qW_SDg`1fN5&A#}&l^2KH1E(K;?so0c`a=)Pyg2&(RF_+A
z?3|*7^d+g5rtXnrDf|iLV%4m|&Y+QJ;qAP<#_3M0vZ)F&l0!(_Les#dHpK#TdW1KP
zJO?(!*uD%LytZC$RgoXyD8Xz_rA597y*P*!$<SaeV4V<ii%U6BV-}Y=mUKfwvd<fF
zLC7nT5qVTm@}ta)!kIz?^rj&oMrv_=*#nkcvZ~Zk&SV;quETMYIE{l<s_D+P%If0t
zyD^C!;8=(KQtGQ9n9m~-tS$8b?ypmr9w~u<1O_?)Vt90*aDgN>jd_vpMKh7CEJ@;@
zhuc2AVLWYjpirP?+)yP%J#tsi!&RJxb3urb+1>1lHkay}jkm-z0(3#-aD|9@M1-j@
zSg(V17@3ueb@>#OZH<!JANV{b(ruEh7OBVrLMIxHF2zL7q{YFbm^nlT3Fb2@l%=cr
zJn>gEODi0f<5ipuk_gF^@obgxAmy<op$rm@DAp4q-rU{ft(u(G?i!`6fJ~4OsUOc5
zcJgCwBwH8!TAx!??S83N4VK75B&IHCDNv6BYW~c^C|L#T)KUl3iESY}^!Bd2YHofI
z_o@hIw#oGml9C^JM@TXzTX5m=MVg3}89JC$Ie;W9DAX=G8S)X&k&EX^I^)Vz1Vl_7
zR1&RI?-cmS<%_fDZ{NK7>*d?G@4mTW+XmFLAPg7OOc?oz@DtzC^sLSLZ6_DXM8?W1
z(@b&W763XtNFr)Bn0bB}&Q^0X_DIWw?ftgGG8Rg$Fj>wplQU}G&cbk>EwaoKF>INF
z#a6o($brd0lJS$6h^JYWCUKnkLX$!KD^(80&E}dg$W7MJp7n~S5Z8)!skKUFQn6sN
zrFodpvp1jdSsF&RC4V%6z+VU;#Q50?JPC>wL2o^3##trlI`GB9(oh$N9O7A#^9J{c
zKljM7_g0HU_+Da~4s;zWRA<;PWwAvIfhh`!QkbgdR}v#PrYlP!63t$IyrA~9c{cOs
z$$Vv-N^oE6MfpyzEic)bwQ)eLz!W?0*dL-S6!W<s&Mn1-<*Vv;RK64ffRH=>h{J<q
z?ng&R-FG;mNa8i;o~5qpVZG+{C&2G*?#q@#%(+4$ltiM$F_8p8;PYf=iNpq98#}0h
zitR<G=L4uw){rjdvn*I8WD1qa*y^e{+G(KU`7KbZ3KBc;{csj5+Js|-9?w<@x2HRh
z7XXITYu%1q^|16Pk!$}b()20KI9NrgST8Kia5Vbx^C>&<JwNo-7i7|-Bwft|Z${=T
z7>#WDllZ)?RF!btpQaKk?$HKMw6^Q}{(@T6){7ZW;y5ImU0v=_LagsKSObzI-)@B*
zpL+yp>@hS&SIV2O(<EDE!ZziNMi4*2u5i9GYBTgh$`HahiM_;ICHiZ>59@AkEp0QF
zWP*?$Zjo^AdE88<M}Yca_AaVSBh}0A7xO5jLSd4u<Ji-y7bJ4^YRt8uc(&kpSJ<;E
zK!=*G{U9M!V?U0AwLj;UYM_M!mDkhHCTJWTUmfYg1K&$#gkvY(B1*+9BBXt(4rExe
zw-iu~Ntf!uSdmM9_g%XwUb{$Q*zFm0ba<=K_fk3;<nkL1iab0>JSyC$p;)Be%GdlV
zSb)LLC=AMl{Pw4_s|$ubVzx^vqeG5*F{6AcTEt?OWots!GqA*d82M~6VI4oGDq!JU
zVv=%@Py>zcrwc#LJWDwljs7dvSovPnUm;#aFQ#6_B#8MU3i-l*-RI7av1D&X9blpG
zyj3(`b4zkQ8fjAmAl4JR0envFR`b=Iiy-rT`?<A^D`$}0enoyOO3^gvQrJ>(1l1=Z
zsfKA1Wx>qLEK%hxgfRV2d1+4V;lUzGsAxJ*e4hD1WIv5YBYA>Uc{z~vcFp~&`uwb6
z>6RUy7gZw~;Gfal$0>^F7`<%f^T=P2J*I4WTV4aZ{)OLigC-%rmtrW{P0=Fr0;35A
zy7CVAp{;C;%89nWbYx`DUyvD!S8+I-aY47e5@>0-E5O)O>>7>slcRLz1&(chCV1e@
zJhJP((MWzSxe&Y_P<hy&X916AW|cq%lYQvBB|VQiR2Fe4c(%y&og2hP9JkR2Qj>sk
zI91(F)>VDS>r5d|>6=&z@7S@By5AO2yqYZ%o>=n!Xf!dGwHL&5Rk{XdN*mmq%nUYR
zkk4?JHxQL0HKT@BVAn5Bal=SWfidgDjn_%G2uT-=U37K9+Z!kT{HD^mu=1QbC!Qzi
zJm#qpPXbUn6z8c0&$KR{VMYMPW1(oFq6r|ltTAZ`TAVpNNF1kH%vU^#LqD}GX|!@{
zBH8eA2c^2Cs7eC8+2O(5@xyS>pD)(w%ACW<6cjld1ip4EqZ}S2vzVU1coxl8fidAA
zm~5v!r>Y~N4b@3Ng~mwC*0aQ4n0W-@f%ol7QeBmo3^g`nDNoi3H?jl5n_gjAP5A!}
zEfpfyzzP*u9$r;mv#6&!uSf4?ZLm2!Son@M;fMZAiY~fsC?|McH5<|5XiEeWR9HZm
zxht2eT3her*cMhCBUsq2sP7@mi4^yhjW4LkwVnlh?L`5%jT`je7f!xbwT0SH6y^{e
z6!ZCvdcPKn*@6day$pV$l~H5$ROaElB;K&;RGzX$NL?N2EJ~tmwHB6?HySxrHWOnK
z;|;qLMF9*^mz<+MUyEXVcrZ^E<U)xTvyf+DtT(bQeb#K{5xbHipDsi!CqvnFa-DcS
z{S54T9t5Q89-n0yPs5p|X|(AY?Hq7vS8G~lZ=EY(vQ$_1ox-uB;#xY7<BW$!Mz$5k
z?1scm4>G+iEh;I^LaM5#fe`Dp3PSS$w{wO}TFDv41glCF;C^21@<JEzK0KKF^caUC
z&BQEQtqIL&G<q%fElIe5nq1Xtf8a&~<EC~L&rd{{M6;MsR#s8#HzcZ-VmrBL2%eus
zj$wxfu}{5v!sCIrvf6{BFR!fID$k@CY#e)Vt#FJ)Qh6xKzBfH1CRo}3fUwIX5j;&7
z#<nEs`=ilnx7q&Tny7x@Pea&yK2_L~I9vPn)|M@Kv;f2a$RC6nq{R+KWv^%*K{xlQ
z3pVw#G)~iKVH@z1(FhW+B}=Gv+&$YOxDhEHPH%uXq1JQ}`%&s^|1nZsm@B~GxEl>A
zb`J4sz3>;F=hHqZr#4#Lr(j3C;7xN^)tO^`h!d*s`k|Q5BA(3&C1ZW)IVC#jya(}&
zx;p1cCgxrcr-arFja1i?pX8}lBr)B!s(D)2*f{+VHme`g2+BpoR}m+h$&ZLmWTF*x
zp&gw;qWm12yan4y-i-x`=T!bnqJW3t%IBn+aHwdVF1v2-ID^6~CrlWVN^_gy9Fgm9
zk?_C|(_lp!F=gL~U}B@cjqU$c#j~$@!OK+CSC~noExU0*m2%IIy(r68bRB$ErBda$
z;~c;sdhjv|J780xQ=qj)HW0o}gE5(c<QVYPBG-)_TaEBjFNzl{ayk>EDl|slun3SF
zzLi3q;y7*fSBO5T;Pq)Y6eXO~FymD)ivsQk<VY=$!K;0|tMe^F?d7G42!jHXat3Gf
zkdTVPSvKc$${y!>ksxrNgv#9IZF-~1)Fbf3WmSl;6~ahcG4jtT?Cr#{APX-Pnec2&
zv63r)aZMQ*Db=a4r!iWAZb0};9LBS7oz2JyW^xO_5?cLt=%gGT#NK><r2izUXt-D>
zNk+P=YK#r^lslJ098#0tOw7YzHV=GDC>)Khwnc7baH$I9rLJhHwQW@p6xD59HY(Sy
z)7baCG^A|NwSDTI8g4iXs3Ry$vv3`)7UXn7`E!JpHJD18JyRe>rJWoe%pz)YUuQ|U
zTCW#I>>y4S2NQ2ftl4tNijSMi*0FUz2N^&%=2MT(d?7@%;{MDwCgpm$X@o|4f?4wd
zYKL5l#9Pe*v#yccf<N(G;q61s^?+?ubd>UguT^DBvoshED!W8|hJl>XG+OwU_{;_Z
zy;Mn(gnvY#!!8B)B7Yub_Hzp)s?i=y&0_iajEd)3B;s%uWaRS@t2t6B<nSQ!=|+#e
zSr%qdMEV@aGpQDYTp};Z+fycgu{@Q%C~w)1Xe$jPC+sqg_(}wG(iyWApej)h>-c-e
zLT@#y$fKKfoi2iPn5+UzS1Y<Yy4qyaA0C7YYDJDCu?W^YHg_Jxv4fZf0;-9Xl^;5h
z*qJxWvLs3Ehl&}z{prn%%PZj7jv)~!kfrrg--}mCy08?KguC7qg_O$PY9&@*zLMip
zrCg*7Z{b<11VVzV-9dLn7*pYT9cRHjN{vql!NFfuccM0dz<532p4LIZq2mlmR!Ner
z;yIZCPi1B_9mF)LG#wjECxj1HN&(DlNTr=D^k(TSiOuc{3=<={|JL2^WQ)oRCJd<Y
zXcaFqKbiTlB?sPT1^Tp=d=#$qbI^j$wJrt~lItB7{Ij6M+MBGjBm4THfg^_SOh^eS
z^P=Et`5{3=UMitacflggf@Hn$jBE!Hes2x*xReAM%VZEFSYHk5_9k0Rj-KZ8ELI8U
z^H2y&-W!d+LHwPQdS`D0E=8OY3y48R-r+&8aIA2NzgS29+%Q*9?pF#9XT<fkVxNTA
zVm*uIzD&W_8G6*>8P3Ff&7*`{a(3^YLsehMAT@hE6tO?&-pao3Yj4r2=4E=rp5gub
z4D+$HF;1T2i8{x2^YS3{c)apQqvzEQaSq#B$`!k^bsQ=3b9-ikBwdJwRC3kxQ|25u
z_M5)ARHl`yBnETp>yVQ1!uPD4>J3=I6w;?$c<aOp90zJ3f;b3bbH^s;j!+VqG9^J#
zk!ew-pO&^JqA{h&-cfNf7V$h@c#E~6s`9ps{h7uk0e^yXBqt27vLL3mr_76@b&{-v
zp@*nsIZ=F-{X!{{%A*~`G%`9$65kimY=OKIrH<{cC=7og$H79MW9k6)i?6u|{B>q}
zV+>&yV#rjj2aq9Gqzhsi1<un%%t9~5T9-yRIDd)81Xy`8h#+3iy=3j#x$s6KtB7X`
zLdbR>?L@#xRKR%PxFjNP!G*U9^<phl+yH?32@S=GStL?3hO#OMVZ=8uI|&t}!Xyj0
z7p9qt=_a_lZ*+>A&VYoEse5JN1?xD9jENh3S_*`{D)csnBELqO8YuU6c;L@z*jb!r
z^VMR#jz*(xU2UpXP=&UJb(h?HD^mQHOwU@R>B5Ul2+~63vReItDwi)W)bB9184bS4
z!es6Hk#TW?cMMZG0qJcZhAgJuxhxIlV#e2@`F_?r@f5YH%4i%d1j#_r2kaTOXhnQI
zTln7E?to|@ig35x77$OXBlO>1yt|Uy;zUZib<UK6czEEuX&5{V{lqi2frW`tbn*mr
zD52x1^qr($FH6HHSw)ed6qwxsc63lGv}N7R8#KmF@Z_jsW03Jl<0<FCd>yYsdz)P6
zEvW?>La|;s8|Od1m;|0bpZK2Vd5Z{0(NTM0v<TLTiA(`gu{;oIRcaPNV(TbA02qC5
zsv=WaHxX5@6F*qbymYQye4QflD$tW~n*%=xBaDJ0H)ybk7qOpmyBCSK{TBX>Y>$q}
z^W@cMT$ccoB}b&;TI6-0uW@7aW*d&FNKU5ZVzr9J%6NoK*lG{z{Cg6dN(J}XJXnQs
z8fS(=Fd9wRPYUi?uh|wo`u==DJ#st^xtGq(<q1KkP-g-P#3(KT-iBO(=v8a&;)kA)
z!!w_)W-H&H+p#Fm=P#Sj)-#<@vuMnP6f7gXH^3OMa}+aT=zjI?iUrds1_Q3|FK7a0
zmUycu4d#ZBEz*J<A2Q$&8TN+lPH;9n8etjE=BxQ!WQK&Qo`40%E(~@K84DFef^;46
zRAhnq9%6nly@(73Mi5}^0S$pzW%DR78v$$vSDWgSiZ-Cq)VX%%(T(i;UKIJBF_wdg
z0A&^hBgm8wS+a&3UT0|q7qvF;9v&pr_`aC&WR+M$7+3*F4G^91NCUz(7~f9slcuc&
z-_Y<H*$UO)7G9W!nXzC;+G9_QV{LVPU0{Hq0wp7*ThJ)1P00xra(J3%voP>1ZF00_
z8yFnQH1<AxPqkBdb;h&UgjSIVZF0@LvYS)+(&rFxHh0c>!b2`HV-pH(fE4jTk%anA
z^lD7K6|2P}iG$FF%V<^I*p@DSJVzG<VOq0b?yr4w)O=%BcV%rb=k`2xG#Y*#&ir+>
zvdSPD(mR7uSY_7QSZUM^ypRtMB1c%_vG0eObw*gT`Kj8z7z+S6E6reuITNlG&8a<)
zue|kKtb9uugZH&WmP(1t?CSe%1@<@U?OdncdL2Z8rC@LivW_xcttmh+qNtSWLdTf?
zsubM<VLIR{qISr55zhS3i}-^zL;C=|phq9fXb#^xnWuafk|{_!-kFK6!ly+BV=Rd%
z#6UKWxtGiqc9j+ez#$W+R)}n$#_1>idX@%}(EbB5YZs(4#TAi|PmQ<d@W64wri*!$
zM5*u5YzY7>CHY$0+f)iRt*BA9j_7jo`8u5?GtQ03q;t45gtx1tIMU2ITzDDv)oUTx
ztpJMEIIWY11l<}#7R^Xr$6@L(7MWUXN0=%0xoqg(H&kh4c@%lxJe^4msl&I3ks;mH
z;0Trs>@b-6$uv3w9f$1W3nTbR1sgi=Q>9`N&li4dOkpbY*rJ<RF$VY=O%MvGb<_7k
zA^c=!PntF);`ns8L6ehAZX;Tr@s_Lj2%RV25Q&~A>3T-Ceq^u3<yT8p<4s$Ejk0)R
z;w+X{z=;Dt2tsc)8gZ!t*swIW8*nXL{CNJ%c4M|!%|mYy#-ovTG+IqHFWFM3eq9T2
z`7JeQVB^Gm*sf$@u$YTQ|3=!kvIl-b#opA5<o^=O(ncfEq<pI&W$c??5DPz(m&LSc
zdAn<-bVKSi><`}0(;V!52-BOF?Chs2a?kso2<KAo{5z<G=_(6Tk;UfZKKoYL{I4(@
z;Pjc!rNQ_-GjpKpQJZ0~j>B~}3!>2|tJ3E1Z(kjqYRMMOP>qT#K!k6#18cFZFanz9
zM9edPwO)JnZuL|E$2zZ@maUNSuVKp~{;7hnT@`{b*J!qm7V~8EFaM<fdcKZ-LK{*G
zjH3wt^gOTg=RELc-oN-!90pP3$A0uLo*(%0*}pLFpU{`yf4ipT^}l$3cU#@T{crN$
zfi2kf;s5vHtZs8a`u}dXB6!1_>uGb7iz0(OT2W>oas8KFUHn<U!_}9nP{)dA*Wv_D
zM&4HSy++DBvQ#@?Y<c<#YUuzXum$ebAIk2%%2QD`VsFo|RrS{7Y|GOd@&6CJVCqd)
z#ZF9{+iTJR$hL>e6Y!G@{H!^_?<T?2gGMhgV5nhPbyrFb)$DB_k%v#ri)0vbR1<}B
z+*U0wI-MB=Ev6r-xFwv3?<-v_5HjgoW+rvJonGfHfMIM-4o>Q-+MFC%r0CNPZ|nTC
z9I$O0rmZ30!4I7degWkp3)yVHzq`Amb&~)<5t7^mR%U>}NEK(JLl3J`!S){8;8jE@
zQ{`&?h3C=mH!X2Na9v(rA1jL)X1ZsFF#Pjg0~|v=kz5N*%4FIwZW_f-DDci^%kQ-B
z6vBT#Sg8ny>jDes)e+mZd4ci$a>xeHx>tJNPM5Z`kSVh?PmZQg)qM-4U|07TJ8~zW
zLK#G2RBQI(oYzIwuq$4sH{w4Aw^|CXG}lLn|M;zF*`+zN>}9#GoMdze{FaBBk?0q*
z_i&?<9+UU+7R7w^k5@vl4@>iKNy<-9<OE;@^8Y@{w@!|9J#r}nx#=U*kI?;>3abl@
zAx_5+bScI^Veq;}_4;u6;?;|@s}~>NoV|YWvvK_Ek$qSf{JQy>cH8l#|9p7h{QHQl
zL{Z(z?%><Bu}4R#-h0A8-<SE5hq^0=2aAJ(eUGwl1JD<8C(&{;I@-8lylJX5x3C+n
ztx7Aq3HSt!QoDdvO`TaV{dja9%$rY{31v)s!aS%qzkJE*=Z|+D-+Qd<Kjux|+9`b2
zun*_ooxS<?#jCg9e!-=nD!}BWhS1l;F~p{u><Fq4<l@e0PshRD<c&P+)6q9o%@lxZ
zRkD?6?*yQt5)dR6i}S(0cD>8xq#T%ECh&{mCtoWz%<hEv1mJaehhgn3gLtf@Uql3Z
zRh8G1ccR`*bh_5zt9MsN=35fKG9A6cf_~_>FhS39n1VOCXj*p1@8PD=EC}-pG<>8s
z6zK8YS37pc%XT`_RplUsycQU(ZMS^BHt(YQ*M|Kp6*!2t?%-6MyH)97W1W+{F9>=7
z(qE(J?xpeE?b&mHLvR9VupeRn9gsY-NqZx3lT6SPII*6<Bbc{FKy7u`uAo!1;DBeM
z<#_>6qFC<ZnBDfbE%D0zBQ`D}cXZ6E8ejsjmRYAbgHnc1A3XKVO?9V}xjIK3kN7u$
z583QC8(u>y$i6u_h8g?t<JqhCFRngby?_1s?DDVE&0__eo;2tlQ9M5fq<*_`HD3x|
zY=GrD`9V5T|K5>h2tqYyOKo=r5(+4r4<#8vjYK(hC0=L*cs#{|l0^@E+#!C-ew!#5
z@uEt3p)tjof?U1Iugl$*!l_%t@pHay(;MD>2o+*1oe9gcQ#St7ueiy<`96{Flzbz8
zACGK}QB@s6%Ulq^PM>RUM~|9*pr{SblrzxlYmvQ#5P;^Km(Q!S@*axobw+<yR^|Ps
z+BKJg8%TNBj6a!s)s3BAsVI|LNL~gwpq$BrUjPVtJ;gQ88wM#<^5(f#Mi32&@b9}k
z{Z!l|MtI&j8RR_sW!JPCETX)Z@-CQ4NGZwbXmnKp&r?9Q_z^~FgXEpJLO!pNwCoa>
z8&HAXV!HmT=Vuq}guQ+F{G6Sz=~U$zk!{@QJU5P2f!H-vJ$((z#RIRqq3sYznwMg7
zU2}-|AaxM!(Q5Kc)T(FPAR5WL!8t?<C0MS@PK9@9gPm4AlxAQceigG7*_3@(-3icO
zAV(AOBcbPVY$;x7rO=<Ix>IstFhNN7%MAy%Wl<5Y3;?QZB-7S1e1rhY8@LJY)vdM?
ztdSFiWb{|0%B4a;2K;qIv%hA$Ei8(pf%!abjUisd53CER-5TI(6Vj)tt9!V~TUE%B
zeNd>*)?DxiQ^og>46wdCH_DXU09`9~J&ESQwifoLRP}+HBMl9iRV<fB;X8E{d1(M|
zF*=c(;sjY$D&(~1KzW@PV)V`B+t=ND=(K2?(dGL$#_xiSPSPT06Ws&q8ycu)51|-?
zC617>ym|ZX#VLD9gcdGm8+IcUQZw>RNzb_6=A4yPIawE#ihNTU$5xbDcE=P<gD9DX
zc*(e@#mH&X(dccN3al5p%Zru}gs{9_b0adztlA1WOD(SRrmgKh)|7MbPr^GibGyht
zVIIle3ryA78EeWXoBIhV>eBM-Q#QW!r@=Io|8^0H9p3$>YV%Z_vZedZvRgoaIzmk~
zSF{&R*~=0csyt4|bbbf=cZ%IwvW?`!0Q_ew#F_{ndGj{|(Y+r)YPFLw?RFaj8S`85
zPZ4kq+|Aw`AqGW*Whr<&a0^PtI7zv#+@@+u@`j1eTag0P;YgQt1RiBTqB&GP!bI@S
z29jL(*+3<oXOzq9lE6A=xiL`Z@^fI4+Z_hknI-#&?YMs5PR%e>*@=fYro8N4d~T&=
zR6q)PM-@?A!A=*=z^0%JrsM_~oXqujn{(FROz`=Vt%@rB<SeGhERGf+POjXXZ}ZUH
zJD`j#^(KVcnoDJ7Te>w}pc`$`EZwbxWnwQh@S$SR8pNg*r5ur3Y^+dfM`BBn>F<|Q
zXU<B9>(=vT=132x%c+KGL)pvJRy~l*WT(EP3^+h9kK(|9h<>Ci-E!-ow29=(mP|~n
zXcc{@!vcZEv!-((O;Kvlw2<!}(<;>;mV;N)@<A)-a1r1m<Z@KB>UR6wOzg9UJ*Rad
zYzhHvM9Clsz5}PcQrS{J^ddMQM?$m2hZyJo7<PH23Js?HqDoS2A$4)Svx~!aP&+^l
z<&$u?BCPOI)l*g({vXCq+FD~hJzF`~<6hs#|J)fFF6;>PpN;^b%i1*&#<U;{+2EbA
zm7FHs6}&!%1H0jd9~ki)D~PJ-E1OB$>{b&wnRaS>)9TiPU1B&0Pj9+fUM;vP?W&&E
zSjQUmG_Fq-)?KF<8t-2!L0WaDVTXX43I(=*TLPcvX)7gW$+19xR8a{4cG6btI#=R@
zCe7JK@G>v2*Si8PKinIt21V1>xha?2-iUiVo^n7{y@BM^Z_b(T2O)*Dtk#UP=WnjC
z@nfv$CBNnONLWekJ^bh9n3cQD3jQJ`!<+l<jQ|1ig`BBR0CEXeNm^}$b6@k$EJO4-
z2#4yvu&V_@7bmy8*1PT_)cBJ->7#;6Te3sTIWQzf-(lOjN=4IH9`ayq^lVpC*f&+V
zRxKmKh4FPO)JBnuNX7<9x}|}M-ZMZ&48sj1Nkvgt%;#!PLuQgdXqICprq@%gi5$~h
zvtuUObUGS+jX+mA1VS;@=MI`zk(ZyC+{vf*-u^c|sk^%P%P^N;sxE7l3T#hOc(!Hj
zY0=)NSf!k!r|mFzqL6brQS}y1*>A=`qh)JiA9CAdKjFuK<+7{U`OCkZKUWUIDGFS#
zG3Qba;j<YFs)i6u*03VuTa!Eahle4lObnGr2H{xe$O9zf{=(cX)pVcQa;m5B^^~U@
zA-Q_*JqEk$`I}RgrGJ)h9cSsEcb^8{+whWKi&`T~ptO6+{`Bjs=VuomFV3#6etLWP
z{P%$`uj^{JeGS!bo11)VEOP^|GLTu`H=@22X;o*#?=Z&Ow$4|(R-m{&#@f1X*JE7Z
zAB5OSX0gd3g^{;=s{I0+;YBTYc5kf`;G|U-GJFg=d8NwqfnG>~mUgP%57_{kNl(#y
zt+v>)ku{}AYK>tOeM&N{D^#Coy<whZAgmgFS#le`GbWvNA-O$;9>HR7bzRkPgQ~pi
zKfIOoWxlHmx{-G!1mc2dM%PN?hPdkoA8U4_E1wWq!+9A@yk|J>Q$2<Mmz)jQ$gs}m
zkBrL7?~k?HE9AVd$!~Tw__Ca$>Wx-eu!iFY$yxu7a@QwqEyM{%_nu^8Q#H!nK&n7g
zyOtHazSh^6xxbVI)KxpW&sC3sQ~o=chJhMh-@5V;LNph0lY!|*e=8L}Dd?1fT-VyH
zmao@RRBNY<y}RjkPsvDm+lXS#n%(s^pit~g(xw#9&d;vSKk7uS^S5uldHL;<+PZBf
zrm~Ntvx(H5kaDH$HfBm`TbRv-YHNNg>P8&1ZJvHo##8x<84o4~14i?dv5~P7TRE~{
zRpc1Y=5YTNo>pV)I$0e63NGm|)+u9WY=w0-nyT0tF|J|_KxM#MJSxRPF0g^WBvv;i
zqv>*}Ai%&1Dw)S<j7o9Z$Hl;+#a$#uG1Zj>KgwaEo6xXe5SvWVz($3iudJ%L?5Pnb
zjl+mt1Tl4V$k`{is>=o_BhW?y#Sq}>ux&;@nNFvsY=qoiX;o(Zk!rySD&i`~sGcMR
zn#ZY10Haa43ytQpPZ<W`(tG%{8LCu0PZ?p=gHi|EU!LB%`)Q$i`oPT3S(#zxyZGEH
zbI-sirR0spp37_P1A;nLO$B$Nb?urjxGq$To5W=~0D+1J1rC)cd6|l%)6uB2GW4Fp
z?D~JybW_SW=XA>V-H&AEe!2m?LG97NonuNBgYT#ix4djAYl7XkbRwlD>)yd5zxB50
zz_Z>Y$xbehrVK(I1kX$!;U8nvh`dH{t$;Zn+keBAN=B(QH=W|4m;_Y4fQ;GY!@8ip
zG&@%iIB}~Q{*>3~*{-c7SejA8$C-Cc4F##GKf-a3;J}L<<b!nuagu;;x2-aDQQ2gb
z3>9j5d2P1^cmY~giqEZ9H6gY_-KkLj6bl3Z!XE^Wtc&}pwsSV3b-MS2s?>5osw%bS
zY{!i6KIcWw>wA*!p;v+0^*SCyqM~oB?3jHjt2;y#V`J5ov2k*?>5a;RA&?@@Odhke
z+UDx2FuHWNQMpGZ%GDs}Q#ms^yLfx`4u+>}(5_;O(>QFETI%{%+gePT8(xbHYj5jd
zBVCjdq0ew+&l*-#*V-ei1IkQt2t4~YJ3}A0RrVJ)(RM+#tZcGgn$^UhB?I|QR^K`R
zA?!(tC$3{1ic4@ib7~2}yxP|J^|h!?2%w~Aq6}bNh_!-k_;$bM`$r1Y%dP>Jg)=~_
z*2^=BXh^T}O)k&Jckf=m(jez~$)rL!x!SEZc`Kj36QA4B=nAbZd7VwRyl(H69RQi*
zlzp4G-|bdM-~p24CTj(jo-xS!L1vQIY|HOqDjI>aZlj9t#OkK1J}H7yJp+5yc2^V=
zg`cJ>UVwKL!?v=#*%thsHM{f%TjC9|J;BIw%TH^5#{kf+dxXUU2=q%7VRu3uDwV;h
zq6`{+R2>}O504<n^RmqwzPX=l;0-ff_0fagfW4oc9I4J}iN9fAeN|TNS6>lMLah9&
zT?=+b2zSYFU(@-p<y5sHUwd89E3@IBO>jen!R91P_Uz&%-n7c$h_T@sgjOdyW0+!l
z!%O!4n^zadpuqH#KCup4wb|@S#Hv=|wpAl2HS2V8J2ExSIplr-H2gW=>>%k{CxDT$
zm_rENmS<?gKVK>UzY9@+S2gWbTc5IV7@!3NSuJ$a`mA~=W34;7aavTnY|IY1)DHFf
z==2T)zisX?4L^)%O@QgBOrAMairi(gOerk{FQwLn2t}|&QqO34^GO+Ab_fG|uQXjm
z1X4<t{!Cqwc`5s)jO7^pB6wZgJH={EY1`(L<cWpou8zE^C1-Et)S1kLX@3C>_Uk+B
z#{U*`->5PL!0r{upOsBieT{zqZ>l?1RKyq#4}rp=B6-xIm6x_$N6T9=FoW{@Z>stN
zswe!fJ$<jMT?sPpkE$XW2tWWa!7i$-8A<uT>ZfO#xk%xC2XfH1%9Pffx6c~u=K`r1
zsyOLlXXsx-y92p?&9tfa<X<NMKYPlqbc_L0fe&aDHCf{K3Lk2Os@$$@FL--%%D|IS
z@5&SP{G|VdN<lC{d?M4xP_k*z&Q96V<ghP~*;3aOmw%UxNwy{b{$}0CKQ4Yemw#ZN
zms9i)0gSF{LP~HJ=~~{3)!L2sHOAlO*Z@YY?lEA-`sBcS!*4kQrREW9oZU)8Cb*_f
z(dYRKzvU-YeSMNPn6qQtpXz3$DL`tabfmBY4l|OH0su)X8?NlT3m;>lTJ^5Am*ug|
zkKq*hT-&!`yK6N6rpx5qcABk7?d-S(IU$T4`0)vtV{<GOiD0)UnMey>i;3#M1i{M=
zR5<&6wVSNObzaH|`0!GvmK>;_qeJ<K)~AJAR1wpV+PY5u%A#v8O9wr*uh2|KMqZb*
zON9vc)4ar>8$7To-g@ub;<Nj9)AI5^IBGIZD668NGT`t)>!waL6)l3uUaG4ed>_-%
zOZ6(NN>$$$Vm#y|7=U+MuT1v&urjELM>a)WF&xw2esV7_SPim>+NxI_jFlp9+R@0-
zFX4?d^}^Cb;8qaaz}CAmRUu*5B_J-U3tj7yx(fhuv=!h_osM3hg>k>u;k1fc#)OSG
zqP?jyC|xt%wRti9nl~bj{`6c(ovvmX{E5#CUS3bHpknP<e-8lkori37---`En|I_b
zmZz_WTVmIuRgI0UMuW*C3=8IVrVn9T@X=C>Fxu5mDihcWNJ|n<p~y^{TeRgYr_?}8
zrtgZjBj*b%q;+*Kg6DzU-VN7n+Da}Uttx;<@V+m8iFO(5_eNQ7Iyz(7eaScK#zkLZ
zW*ctR)ymERa4@%V4;oHWsZwcOHM9s@b4=Kxjj~4rgp_k6FUd>x?fHvicJ|Yi@^9p2
zE;-$lofU98+Wb}&_s6LDL#?vno(9D2>nK^d>1gy4gbaGQBm7MxZbi)tbH}4%up|>Y
zRgV-8qECQCvqZo`(Tcj6LUNMThn)A9CX@&o`7oT5)60w0rm`0XjmV4`2MpsKjr=J)
zNBmg1Cf%1t!Gn*HMmS~ruLG00bZq%Ooehna1f-DXU;KCuse(&2gjbc3)Yw_u^7Q5e
z1UM!|^=33W7d6DN5J3iJ9c+$hPC_MC&elq)4h`t0;`3J2Ih+6~5RW*L$5oaJNps9T
z_#Ufjv~DZp?4LjUu(<m8<J(v7U%&YH?&a$jZ{NTB`IuBm94*()w{^AKF2QLAd$`#N
zXj4@jSGG^A>Mo~6lx>}38DI>Z%APe$+={Xtsf<B4@#-gDgFMc@ft)d%5*98tUEjJq
z7=>t$8UNHw)XADe{%kRyC*CAr?@Mja#o^;<cLp@HIc2*NelXHv^XCt=Le$U4Y**sP
z^c9mEf#LO8ZtF_5)hAI->dn6g*Q`mE@ou75aI<v_P`Qz38Xi>={P`4?DFgSZ)If9%
z0>!TINEw%pN^9edTv%LutZykL6|8RqJ5;Y8JQytjY!WLe74QJOab%fHqSra1`I}|e
z_TKa+7q=kxjPx<+My_o^aiUZ-YW5OC3RUngcpckn)Kv1GMBw&M`|sHOWbwYOcja00
zrYbM1s#W)h`T2b#>Qm->o`=dvZyHYJ>F_+7+Ke0hhBsIgzZOc(s7m&M|HrNt&vU7)
z%Lx~s+i378$>TecADk8Wim#-|U+uD?S3jP;dinL)*JnRVnRI}X4HF=00+H#-U(wur
z63;z98lq*I`hzqN;2$cpa}p<u`P`dfbwVkkA?y|d+^wOTNBJF9-jjM8QPVIi{@9VJ
zDUYR~x5#2Ypg2OYzJ5k?wMv}eEaS}$J6ukdN5}fAM=w^BSHO4jM*A8w_!2xhPQPp(
zM!72r$yN%nZb8;SCGT)K9!vTZ4&AhYC5Az4IK18las$DAZ^Egol70IFN&)QuU~jjg
zylQ#+N$Y24_CCE*+V6<`rZJWwuhaf)?o0K}@kkwE%>W<rl~C_Lp4O^1+MW^;1}&hf
zF^seyd_(t3zd2=WbOzTy$!uer{Q3rCwjqeHz1NP%ng$lKe67u<rBx>&Q?RNbRd9l;
zM30IISFQybcfozJ5;i;$Q~->n>693PWZr=%UC~ARZXn`%NwSldbgGs2{n)gO9%x)6
zwYH~wSmFUJ(6bV<PUQMO`y}o$2ZdwthLpFWw7?6TJ)1m}15-Kr5J<bG61pS`lc{!(
znxZlOIU$ojMpzUDvE1aDfaFjvFR?K)6q5%#CJByk5aisZyaA8UpMLEVpL7WP4jmgD
zsgCZqk-sK@7-8IWd~u^9Z{S7TX1v(m@N%~SXh0L|+{oSYZ1U__%|?bK!2OAuYpLh6
z+(SZnW}a>CC(vi`nLhJ_aKcyVvm+oZoRjd6nsS}U{K%Ad-p2VQeuz%zO6$_2sZDAT
zl-9NPkWWFuqd%Rp{^&-Gjo5x7TC2vS?7`1LNW?Ckvd#$q*w=dhec{(26?VrnIF7W)
zMcIDLGerW}#3|#e)DOa;HydkHHE(~u|Boa|9!{!PUsQQ&!#$AX%j}f>=~vT{-#d?O
zJgw6M``UCmeLOr<?mQ*-IswOI68n+Uoq(Wf!}Icd_yajlduZXq2COGTVY>us^i&@s
z#?w@QMDj^EDgXLEfDpiUKl1JN<K7pWwAzYO_U)^;Uw1;3)N?bv16&ZOb|aT3Oz&wO
z^8BTv(%%~ZgU3dwKlms=7<$<vAv~3vf9X8wE<D_V<!1(>V}r#EP;-WxmR#UplIHzj
zV5~|%Li2N#HYaN==+bB(#*}AOdO*zi>US;WDMkzC169WBJKo&n=T*IBKT3&G3e(g@
zv)17rD515LMz0pyi=k{0)?g1gKnf(lbv3ElJ2b|YTIQEVu<P{f19Z*BYP*#`=~O@f
zY`e`l`v8F_6L?5$g~M5Ib+xLB;$-lPBQOOvf^<rXw!;#f3Cr5>5>UmP0eKo>G7Oem
zPt{eKNaeMKOK_J<g&n(=RI>uj@|b}+9&FM3ggN?wdq-#<>ahMTc*^jn6ZwzfPj0HZ
zowRK+^p$xyG2b&*i&EU3ve>g$*vqfa&POBp|A3`x9Ut1d$vWXdI!QfO847t(Sn)x$
zY+0{(I>jxAdK^S{E{VcZUTZV;MU^p)&pxP7600=$c};~DZ9eIyScr^zXh9{PVsSEN
z^YND82AL9Yc$$Al8=5kcO13w7E^ioMo^YMOCJ&n4XyrX#<kQg);=ZwocD)Qc+Uh`>
z9eX&<uA3@n#N@x(%sL_jpFTO44#)3wPC1XD9TP=qBTzv7s>QR03YKym<tRV?QWo2f
zBp##5%T#n7>onrUWo6254Zsdc#obmJdLn>dy1T^H?l4L~#WT8gO=Z5;`bHy$(>qiI
zrrLDqfu??qewv!j?c!{E-`*%Mnwd()#JW3n$OTU~E3yzIXaz3KAMkf`&BEGSuF-kw
z7L+lsSsBi(D-}fcGzFps0vV{zh0ZhO2smZqlT}`xG&gLLx)KMkr3g7rdF%e(w)Zcb
zxIRZfF$FgU9_kBHMJ}Chcc*L|dERFH&}*;7rmF8x*?8s$uk+zoA#4!o`47BdNcmn6
zNm{T|`uUPyk`j4hzC3`!0Ta7}I*iugu<Sh=RLmubUggnf+5Ks$qvAB5vcaCj1@y^{
zVY0a-7+^u(#A+O!++}3LXr&hQrs-v_%1c0<Oo(E^!l;<JtrI{1lwA>O5Q+*oVOOP9
z@1toFLp}C6FzJ~?olhP35mT3uGOH;UCwY7Tcc2x@06MEP4Gjk1z*t6hv#0}xRdG%H
zzq`FQdM^cDw2*sg)Ll4?)4LTa3C@fFenVAmXax500XwtkMb)}nK|=Cx%M{cXO`Zu;
zkyOP2mBn^M_<=zJGPPMIwoO1c!O}e=!`IyY6HYTY0P=jGH{_|qpKR;na6EdLMRi%z
zyLW$eS(1^dR1w`Sq6)zdGjPQk4}`?sIGg`b5EY%`4}mvLH`TPLs!t|=liYWE9WlB?
zhS`fDt_vv?r|iSe`Uh^x1)s7pB;x>-)5)#B5-qpf@uq6rII$^7j3oY<rp&inL8Lms
z)H0K`QyLNk7Ra4xs%o|-WPws%+SnZBp&)TAw1kJ8?}53V7Aj_<8>^$A6B?kBZ4pPJ
zxStYhesOOTv@AQNAUAEXzYA?4S^L){8VfV_>6~Do1@cE&Bk*}(Sf56adIaP~c1Mc(
zQ17X|!6=Y{?!d$4sGB@Mt_c<R$?JR5NwAyB*E7g#HZZAr`M@nNuR|P22I1Kl7ONYm
zMJlAotfJ(bff?;+YS;&TYK(Kh`59`?%PwKVQfx=BB?W|$QZd)yh(zD$u2`42nybI_
z%zgP08=HW6728FRgn6HAUB}eq#^mXtq*!rhtVsfy?tuSU1DQ1G<{vnQ?QT`%R{lh$
zW<H-VWwV&5t)}@qyQsmbEp`oiEu<>e^p1hrM&!*6z6oz>(L{$+I^gep>MB{{5ewGV
ze5cG-M^mX!gAQeOHPb~J*rDFmOY-IN2wfk#vlvClX`ikT^B%CP(wc9Dg}s8zToV8)
zGWLOd_jW64-d6SCC`jKc_1@5LB*C?tw_@KO2+iy=rlpEddyRQjimltuUhWFf&x=~C
z9DIdv$_s%wWRmk*Hk4IT3SHSauC70o^i-1o3d{ZTNT%^lWe?gc4?Q_{ZVJIWSX4u^
zqnzHZb>>oq&wnj$a_~ldQ`L98hAw=*M^VE~yORn6T+W@c^kjSM2piF+#+t-ysUWLH
z(yHE8VB6fvW~6p+wU70#Fs3Ev9&+pAFSV6nC=ay3yeO`etdG#lQXvf?s$gTG1QhHd
z1lRR%Z`m`wB~*K|9cz(t>sB52-0<pWRp*?2|Kn?R=)k}6TmBX@JNJVHb_Va76zvdQ
zPtsUrCi+P*_2b1fj;8);=m(2&@AKyG_`a+LKXzaG{_MvyD2Cg4Yw{eLp8|#Ns;2!j
z{OzN>3_gOFLY)BF2IBTPpIlUR`)A#!^na}>(hGaa{(|7p*mE*g`dRM{Gc@v~dHmz<
z#8@@uyLay{uGkOa9zt!q+R6u1SKJ^7;|a(=<uo5}3nhAPb8#pCHsxTQ{4etFFS9@U
z;Vg<5^ZEQp2?Px-a=L54)r@_hJ`8{o!cI;NvMyYe3a&IS3@+K<+p`13_|!R-dkn*K
zudZI5Ko=$kb6vgDR=Y;PBVK0hjrjhDD?JRTN&tZw5K64Z*1?`M^R7Wjj7J}88H0mk
zT~~<brInf=#Ql~02qVB>lu(#;3Fc`ukU)5S95I29R7~lVy{oj(134aIe%<g}xSn($
zr@wq^mTF?<1#~a3GXTnE%apf_zQ=x3ZQ=E~<&BEJt#<8p*M33wr=v5(G?SYH`U8up
zUshMv5;IpU6fC?Yx3#*zu~3BiK_PHz4-xoioHsx&a<<rWM1$yFG;UvPoAU0Q_)7zc
zlq*>a|5ZczBB@!(z7<jz#D8w<YK5S`d0|8h4F;vKO^8`dW6H__OXb7tCd}$;Y*F4m
z_HpwJ;qHc3;yXF2?>{vbK6ZJ`{z_!iT0wIdEUH@fMQv2*>$aBS2S&-uO$ccqHf!LQ
zPt8Q`rX@SHwMd0QnuOk|h_k_d{UGj_M<ZBWSOy@dNBrePT@*1%{9lQ2uCVaGu+#Du
zN-QFTrJ7{0HoBQ&FeguG4<`9&${x!%Va|^0=u)mKwRbU3*|TRxk5XIqlr6l4Pqm#>
zHg<9;^yV@ukz6~ag3+T-R3=j+0n;XPYqo#r$V2z!Jp_j8pRQ~f3y9cdko%NFL6}N=
zuk|bNhJFE0E5B<7pE|05oHw-hWEt+~t$t1WxKsw5N@wS6S>n0ib<Lp&h>4(vW?p8>
zBE;De0+<VtN_ApriT8C8(qlSW@|HZaGRL@|ilgVc+pAMXwAki);s;?gi|30(JBn>*
zt-cFIX<mHZN)@@QNKfR+I%Ryjow_Qu0Sk8AA6g|jWiMUd5Zd7T@jLyY5r_ux96SeT
zRw<*X^z_l_N-jM@w%VUNS|8#RTdTXydBe|&dyFE!&TmD@-ko1CC@iFPEOk4!6)VMc
z)#m7!mAA#=)e*^*pV}yTY)`V0wo=^ux|3FK$kVV^O;ol&xP7!oLe12>U0I64Zi+NV
zoBHX@^E^-Pi|)j@Hfr|Tlxq5RmuCW}`WwmJu+%6ix?oGw)7Vj6Ckp*9_>pELxCkBW
zf2ncuO(B}5xR?4dpt>u>CJR%q>i2)J%|m$4&xZ%sqMg`ZC-PTBTGc7vAR6j&UL@s6
z{iJh!I=0S!H=P`8D08LERl2HJ1BI-i!Yj^!sW651b@t&(Y<?8=&xh0L$#i;h{`Sqg
z%a>ojfA{jux6@5_pkB|*>!V|1VtIY`{o6}YPz#dK549g==}*0>w`7yQuw?*$Jz{y8
z0S<&Rjmx9RTddlk;rbLAd8b3<F)w$#U?>AOQ&n#2{l&MJXV0;3KOas{=)W<;o*Q7h
z4&~;bR)6+C|NEc&pFS0IGyJ35c)0#=;Q4;st^YflMgLj<_kYBHwuIuF3PQ6E4x|n_
zle}j%aV>Ehel4XW`diDdm&ZMCS<A1%UAshnuTrm|z<MvtOnazkWj?T-S9b#dRJ^=r
zl2HL_D56yKx;WM4F_wFu>)U1D8**6tAK}=BX2%w`U(%$rr;L2ND+(=|?jL`@KU>@6
zw9}>iFm1S$U)seknZI|n9_il$>-hMW`&am}Z(;5Cd;$ng&b(pXMh8sFyif85@F!!;
zZE&?PK2a?P7UY9pWGBA(@Sq6#M;3*2qd#}_p*a}uZb&s9Fh{fse4*oVR-gY;7F)ZX
zhN_()J2M}?`gvf3+KGO`m(Cy_ZA?w}A8bnRmu`U0^s9$QvFG((*Zc21(BFMT`<;Yv
zGWo(E?)Re<_7CNuPoFZn$D7szz7fSnY8ulOZ=2r05b$`nWo@NS!od4oJ~aGF=g<tj
zG{9K^_vXFIcj$+mz~c*J2cryOknzC#)7``Lrq-}VBUpxdrf`%VWq3#z4LIr>Np8i{
zPrL2(t0lYR4cnCjn%V?e-0Zq{kW^OOpk1ge0}6`8(`Zg<;dS;kGzDah%1dCG%H2w!
zF~d!do?sUzrhYNjR!1Qy0wL&9SI5@z$!saRs*>8k9<wx=&UXX^kOV)s{F+rorqTbF
z!88owB|C%~zS&NB0X{6lsqatcOR1gF3eE?i@6V5pH2Z%>Dw}CVvQPb(R`L^{w?&@j
zZE=s5v?*D<LR|Co{<1Ts7el~DI4>d0%jhe14&|V~sIF{jDu?Fnbi~+Od86Lt4FZ4H
zG~5O%zM{{;R_`<zKgu4QiE=vn%CTtg8eNh~%}uBwOP8R|tMpy)XD?}x%5AWew9blx
z{kPYzx~OofG;;q^9x<lt&LK!6uZ6k}bIgXOu^_n91ih0@g_yL;ge0d$a;T*(-vm>D
zEg=Ds9ddGPS<3c?x3cr3hNry#^)^{vwY(MUU2!EK4%YyLa<+VK;BJ<quN0tRRaDpa
z_Sl;Wv9g(GjjoElE}-z9945((9w9P+FXkRCNKOiMkD;B8MvQ&MmY9UKWPkn(<ugnA
zP_j9D0NocI?&W;c6#Q1a0xSYiql2gWsk}&>H~ItsdG67V&0Bo}mUF$)fLcfkB@TnK
zHSp<kjOS@CR2IAr`ljD!``+o3`<@h`vjj+Ky1k#EZF1l%^`QTuvQjEgOZuhd$enlk
zL@ou-9;85D*uVBFH0X>5bUw701Mfdd{N4RlJc%m2xS!msif3Q*f|seNUtT;+vGXnx
z#VLAZ4bslcf5q_X%ZxeS=^@B8@A&odw1<O7^_h;bK=U3X1wHCfdQd6S->bVQz`JO;
z*p^~~Is)$hBsX$ai3Z%j3PKaAVDa*PQ`O?3dW(R#uG0WI&E^eM{l!Gdhim6ODbnwu
zT-BovFd1(llS~2OY4Bgem{mH2MSJSjMN<}J1n|4#_l*XQpF&Ypxrn@JG03TZIZE*k
z%aSX!c~a{G3y@jdg;LxKCCNeL)v5TL797)hPxt?0bk-_N+*1r4hdT(zoUc{HR=GpS
zRV3cc3X`%~Yw%w;71TxhBoHUR7AjEg4v++SLq!of*DqUa8i$JcEnikyA2RuHrkl!@
zc=|<_j9Bp0dBV&DFakWZ$yFjUJXJVA3Km<wOmL>%9Ae(Er6ePz!T<OF`M>R=FcZ|6
zxdo^)$Bzyb)DgqeqRngBh!y|_X;2{qYUox|f?ZB9)cs-s_9O}0FP}RtN%0c)h29Ek
zUsDNEN<D=x0-+-ViQI&un?@nqfmkOtI>URn+3@<_)T%JtaWpz>jKqoZ8s>k(Tb&Zj
zDAtx0#-57;!b+a$rX7esD=xy;)h$4YhiwZ;W7QgqiYcoO;ZV(VB&AvFdBYOsjh$&B
zH3!qF8ZshHEo}<)uB)EkL9zNf#Zc6TKpdw!GXakp>##HQz3~tokT2slK2X}D>>2Ky
z5n~Dyt@G-hmkFYV<Ad*fWh>JR<bC$u`U6D@23j-jZ|kUSTCr_LBm09~hI*&G$~S`F
z=Ec1#e9S7fR2tX45l~0+3bsr6NoU%DUk?*i0ZIXiXCTr*focX+h^*Gg{%nkzywIkj
z(S*I|6z6t9JlzV?Mp5B-Tp`x{<#Svs45Yx*tB~zgcK^%gQ_vki#W1CMrQYAGFJC|j
zD%te0E<a&Vu0XM~9D6ijulXmzI740Elt?lzZl|6BSVVH*9k7WlG$-N#cBaB{Y7cU5
zQ=veYC6E+8LjXc|<)D(I$pypj<VIS)21HXm=ja|D6fE%3a~0X_3LneSM4rj5T&G^C
zd>zz`><SZjc$U$e#^KRf06{eyl9^AH4k&P(E&n7`y=VYwu*hJXT~}3RYkgzRf(FG<
zs<rOJv98U$sUAbz{=)iqwwAS9Ku%5-maoGA_33EB-ifAVS&ixZQr*`xP+<`-RS}JD
zs?mg9?Cc%WR_wp-a?vumPEh^ITtj(lFKwQtV%q{c|D{?rav%JgE{62}^3`8X{#_E0
zG~~*jKXTCl1}RvH8m1EJCFRa_nxh6zfITs}CT$BQK8uu1@|KyrWnF7VNBKe~<%%~q
zBgWDjIk?Fs9Qso@`8_;eY)NvL_qgrU3~AxsN8$eKPB6l${NhJ)^K?y<Iy?icKvcRZ
z`9|@lTNGQ!K9Vm_n;Qgv0Z#I9C7Sl*w&rP@r=mGIz|SY-^CPozn5t~j5LyE{&U+9H
zSU0$;GkxRgvVvGJgl|M4-yTiC6lF6;G1yfbb^4<-ScI6x_(en0-%jw`BM@h}Rv7dx
zqR}Nlxd1^6Yer*?naS(60Lo;2l(;076>TKTH=7+sAxTP*R>rt_lZM%HRc(}@i|P&f
zLjHcrtQBj@x7)@<OpO^NPu}t(&rTsIXsY{r%3k8{I;#KHpMq~!2hIKZnz!kV$~@li
z?FYo4`WgTDb^Jh_-1u}Tj_;Tae4~>g?I+{kkJ;;PnBIq<yWP9Q2u3;P!!j?9em`aF
zToh1a#7wP0n>F$FDo*N{eb|+`MoONZT)sGa{`$pqlO33!DQvQ4UUr_f7?1QI+4z5U
zG{b-X_oe^21@`|5!9S11|M>E12)gk<K`{Hz_@Dm~{~b7YZV$+Sn(<q_+CY`)p?6sP
zczp?&RJa>$`N4u{t~Q8Hr5}|F{Tus1+_T@<yZfzRzp>{Q{to_yAO1G_?Q}AkOz{8p
zADzF-e~o@)AG!`=$?1p-;^39<N6``cja4fE9Qw`7fdhc@8(aSR`;v7?q8oaEWSlr8
z-Os_6X+b6WpL=m2KVMaqZ1}9e0;O!*h+S5(w!PN^9Ds*fo91si$&)rT6udCdWHOgc
z!rK1E&U%8sHU_DNRiO26Z2945w>7XGUhIkjEKt3MlG)4|8dw@3^vT3etHGdNsjisS
zE-$h@<Ff|&p<#v2LJ;dcM1*g*g_+E4l?|*Dudj#b&SFUy<p4>yzTROmoGot*kPen=
zge-B9?pnE{m*YSEDrJOSD{6>|+3@stMt%d_!?Du^MQErOk<*Lwev9Cb?ral~O=0oM
zyy&)s(#spZ8Cbg@bee<VXdwp(bo)*H2}6tHOL|h_`;Do$SYDbsV&L#E)y6<DhN=WJ
z#cyosdtSFO9NszK4xOmTHuai+RuE{QA(@<kg73=o28p}0`#3ZMljG3?v<2ggW`PQX
zgdU!Ov$M}>*K2FBaCe_%(~u3NIIn{|rc9VnKn)1XZ#u?ExsdMKb+ZZv#v7A^JbW}2
zf}rBtz<&pLrB6A+a|Jp`5&xXRXB{iVV7p=uV_hsF(iE~^r#v6({ua52VzJ4lFx|vy
z>GnrH$WKGcPhSkCs%w)A*OlG|_5@&Km<n9|RS5edY6wwlzXp^IQ~qjj+VZRruT@Er
zffJP26LhBPG2IC0Hf9m>yo8K{Tik55kS*`ZHZL4$L2BXV@Tm$W5NMz{r^N{@IQWgk
z7R;rJqk+XUhvVZO(rz49f3AF&eO=njleWS;$W9!fU*Q!5rXj-WPV#b9?aFM3<(W9I
zf!1g4ndR5|xMDN953;2&h!)e^cqY=-$6ywvL9&?m11-sW*5(2ZoYBB(^9|t<I^VRS
z*l%VMuuB6sghDg>E8i5aMSU%_Uu$5)EE2Lc&vntVyBndZpbAr64{CC6BstkvphwC=
zLxUn?`I_+(OQ`A(U5G`;V`q`qtZh$QS}VLl`X|7NU+A-s#Jz5H<&s_nJY(krIz!WF
z!z%__@xH8;_m{5*n;-$V1G~{}M4_~rfZpDQ*n29v&F%~27#L?vZhvGD>asD#S3APM
zgY|b2ICYbkQ0W$t1M-H=WG82Px=12L2Ku*f`&SE|{UdwkL)Uz_Z$*A9O3_FeU^Q@{
zquFD6#bD{)J|WNRNe~Yg3GNR|aVnQBnZTuiCgUD6f;Z({S{Dv=HKSx^eNiZ&iEL=!
zl~pFRU2K3EMGI%*-c*@^hSQ~GdDG<Act`iARg!<-@N4n9$_B>fFZz=4o41#*&tAFH
zv#qjy@}uYWkl-e(ejf5tKL$JT5`LdR!Y=+52rk){=XG;5FbIXQICQyp)EOg@tazhj
zOF1MZk@d!Osmm4jhZRQyGb3(A-6LYaO9y1cU^c9xOR=D>`6H0gUDVy7sWHg11Gngc
zs;np%n%5swzm4^NKz56rL0wuqKWh9?r$!%UFrWa;tXkSJ;)jk;e;udW-S~7o^MlR!
zc#O!Q`0v;G`1j+nswMyUtG{=94)D_=yJ(tD(XN4Y_Q@n&i57haiU8{rB$G0ni!a*j
zn?1J<_Q0_TTpdz!6D?ID_Q@b`!F}KqTrUK;9w5m!D+JVb)UX&*J_VPY!tc;kzmXTY
zEF8iZAUI)Q$%Br<u1!sL7oi_+fWw*ahyk+Rqh!I)H$WBTz!!V<n8+u33|95yT6mOF
z`G96KpvE*e)!ik(lVan*)>(8k$)1|k19}~@g}5yE%C&hI7ACiy%X(CSz<$5xGuI@h
z&0)IEW`CGY(eZ)3N{kR!Pbrozn}|Dxjythxs`Qf>I19mSKpE6_wasQ%=8CJ_=A0Qi
zdybw`IiKeP`^}&4*>Ad1G@1{jY9+^IfHk$@V|;Q`Z48RQ$$%my34wHgl{N>~8zor7
zJ%7?4=)#*C_YkI7R}CM!74M&-%eVu64*G`*zn7vRze6Pk-EY@&QbC_lE?szr<tI>>
z0_oYRHZG<%yU_7pDqxC@f!LT;H5+RjoH0zK`B!g9d#y*lH}9K|%m^SQK;HaP!h4Ie
z+g3_DGf@1vlFe46uI=a%e3pJ+f@JoP8EGFqjhynq`x!*eA;R;%;PGfbDP01dGDQ9%
z3;$Edcd=ZC+E@?<<glCcMx>vfi)}4ZJ}7tjK|*~9kf_t33JsxS@S$)5|3K$+xvwh4
z{@<&zKf{4PsHUQ#jo%^Hl^o!k|N8t51Tqx2imi>+J5wp@6nbHL1sDc{XnTE`g|2DG
zjlDKO*JqR%)6^ykS`K<uRM*!cdkHCd%{echS7!<#`1EfjL)e$IvMTR4)eh9hQ;g%=
zI{-9Eyyn}p2mBPXaIx1-p@ms2b#$)DIU8<ItE!4uzd3L2H1|q@e(aex^uaYxY4LqM
zpxVsv-c$P+^2`K#fBDL&&cvPzu}V{SuRmCnqt{xLECz1Dt}WSZRo;gW#_n~FMYl&L
z4g1_hQS40wJ(E8vOW3|yN43{xc*~P(LKYvig7^BTc}>4ZzU%wk*BA9YJu1JB`8IzC
z1=FNnQ48qG+x08RCWHsd!8tyK&K-}T5Zbp`-b%h(o~y6AFYctKeI-vo)8=Vo9?LcO
zeeV`@g7Eu8?HEJ%4AlUX0hJDKNO@t|Ky#H}m%FWE0P<(N<<9xGO>a2)9TFMg!wD2*
z``h?Wzk*kM0%>Zt-r3*A@+GE#!2UKio)7t&erU1Sx^zrsw!e)B_|e{)jQt}tOUQxM
z+<`cRJ5??lTZ?|r!L{FF;>$pr-cXwwQJ8=X=QbV`9copB;mw$b=pYBf7pld_yS8^a
z;>E+$L1uwgV0(B%x(U+*QZ~K7k*-p_u-M23vrFs!+zDH8i*^ne756$52WrSFl}ab~
zU@vGjUn*zq%{=d0TU}`aHoQe+)J2OSYF%|CUq6<C4luIy4)nf%t9hAK8$<FhkM-~e
z(dU)}ZdWYg3R7Wb3g={azRZvu-??*o_fDQ%>%ngI7w}8FWok+GyCokz*rh@Fd%hT0
zPt(fZzn)`wKGd%@Xj%PPile}lvDAw;?tYJa<78Lvi`fbNMgO#-t*}s^>Iz&B99O3$
z1sV9RmP1Mr;-}wk;7+u98-X<;OUdyvzZ&R^wFo_y$2`!wd#B155n8dW)VPsXnQ)=U
z8*}ql`%QN3JS{*nyu8>mP)hF0J8*@i!XVzc-<8k_`H(UJ+(F<S-rplK^&iIG6#jSO
zjfXA?`rVr<6MGiHJ^$d__&XP2PeY!yU*VgWvQf941^}G$ktX{2)B|h1KYHuYxqb8~
zlho^hmc9K3A5-<?!S=`JsNlZ57~oPXo_-Q#hEn{4A#C#w+j72iN*e7MbEhc-chPSt
zbgwtJrL&8dCihT|ZlIpaV{Pv<0?h}5Sls6KYdCHj#jtm69(fPUqH?f3X#$6DyKwQq
z)ai?L@YuQ3o9%$zc-{$6b*XD3+)&rS%Q0v#k2)4j9U5Y)tb%{UMY4x=x4yK2^;R~W
zmwnGi&@mZ*S~TXc=&vrO?5(Mony>Y9hy~6YX3o>zxqLW$F?8AF`vy_-RZ`0XsT___
zM3Om%I$-Ni^i6Uz?@1wHL@~9F#UUMnw)Rb3^;KR!dMpTy(ei~~-tc2y!N7C<ws1!p
z6-^7DUFV=??Z0$usVK99Byyo0urHdFW0IY*9@K(oawA<<Rr^g|2rNU7)`R1*b<d3<
zD^30KUW&Q!!_YZu>a{UD)w|8=Wz+0Ly_chfVbTvYq#o(>tIKZ~P+~cd+AkFDYa5Dv
zoC6jxU**M+$Qwp}zZ+P2M}r8%hYvIkQ3x+-6`BG2p5r4_feTW$o{*Sh0Atqvr@Uk}
zznh@T1PWK|-D*z=y>-;{2P1DuMWa3KsgTu6RTSZMpN-6tfpFDb1KiWpQrPqY%=&F)
zpdMVP>NZ2-Wk|-QTFR8`MHj_Ev&Q)QH?J-xDq3fJ4F3$wzXyhi8~2jmeb;V^*S!9;
z+kOM<&<?nlqhMe+fA{Y7E4Jk|q#|NM;@h9jt}Yl-V}_i9I$?*rZ1aY1?k5{~W3tw7
z96c~s81-4zgJCzZ8&Y{C6hwsn2vci2=_qBDiJprM93VPk2i$Bg{@eMh_g61}d@&vf
z=5adspm8PYBns@kyC9B5iroVnVL><e+pVc$VKF^1EK-4F82MCL0LZRSA7kz7J&_Ck
zf<)^*xBjENWNUs~K`^gVhzwldl&xzA(Q?XmIRc59AkUq?i+kDjQx)q!piNv?)pa2*
zs!UaP+aLDrJ>+A2h$0rgd!b6{4H&JwzK@aAvm4khdzyGzwxYh}1JR(~KxA3$4UxVP
zyl8JAaIn9Jf~fBmq46;ISr-$?hSPS6gKpvV<^GG~rfS-=BInIOU*@w#S8ulUlgn!+
z%C=U(Iu}*OPDGoYNP2rsxQ_(M&%LKDzgqxEacMl)5ctwxoCk9t_EN@uI<TAO18NY~
z?lRSYs?rgQ>}B?(mUWqze%l@4STjr0uKW`87>uUEg8kdA;5FNonc^&iZEkscgPH>^
zEb~}TbuF8Lo)RO3oE&xmrVfhXqg-do_5syFs`45`F<?HAS*}2wpfFUU@ga5eEtZ=w
zm7Q?6tC}6ZvE{;B_>T?Xv5G_kn`yQ;Sf7}4X`LtovjX?q4_B^rxnD@>(OG}AtkFQP
z!$(sL9_;F|)b#Qeq1swAN=e2>ndy%Jsbr6X;lYtSH0}PEPP;AQ)v%^1>>;6gqOOSb
z$9g(E*M9P(xqh&JPwmfOIj4cs=yvIAw<z5Yq$Hla)Tj2B%?<#G5Q?K#CG=EHJHQ27
z2}J${#~##9*(W-6`OQ8TQ^&s5<8jXEdGeW&{B58u*D!t|nP9c<a&xnvhpTh-o9;sX
z_vOuAWS+hwFl~cY8ITQQ2JYUL_9l>okF;YlNg!;zN<T@G)dTJ9P21}1uz{9L8W&B{
z(nuQnS{%yJih9wxZc~8bti;%VW%*Q0kL7QtY#dCZ$ea3;U$RgBe7tw3x)me_l!eFJ
zM{5;~6x!O;$Rn9y(Ib-z+eGn{y@TnO#2--2ea8UwQdMDpg5BDX-*2&w=k6}l)c=sJ
zTDP}Pi-==yKs?iB<@ZZqny#*L-Y48~!0S=S4<0lfYs!0U-tjycoco8Z-L#bbKv%uN
zu4)<Y!EQp?^?_-n!C@wfu$#g`TiUA!=$3TO#bs5sLn(G~68GGeFw>?OEpHmpHUmj+
z1Ff|~bMJ(1>dwD=b=42t8XidAnn=I?;f?y4R9X%&-hLY>=*nMEw3<Zp?HQU|c6z|F
z>_5qt-KiD+@Nge7W<Q!y?HIHFK+BhVQ+51c@kdj2hWj#n^73|H#Aej-0?Ku**6g~j
zs@r>aO)-JMWJ@a`-tYTLBSMrt(3zYU`G1JF<v=oD<Wra3OY<^9o<baF-Lx)#sDe#w
zOi)*bb$G8uYY@Nkl4l?emThrAWtX}{=h7I4QsET)TnSU(UKt`DV8qawS5SCxe;8Uw
z&AS>$u_Xzds%~gzOE1*AnxXjxf%g!iQ<PA^bg!wz>DLw7$wjumgK;O(N|!tZY**6X
zfj*V@I-nK71{<bw!%+P07H1@P=)-fmud`t?8;G3Kd$AwfXX+beRr#znRgQG%pZee!
zF=}zub;sE91My9sMnN>2-mYh>kBe~auZ4)k_;`F*)t}ZybvNPH*R{BY(xtN`p589f
zz)zDn%#t7*ACIr|_H;H4ros4lJcuND>Mwk6dYi01rlH3_22sL4M(L2HUDtvia0hmB
zF41uz$7E{eFPSKBC4bw?sg;-u@l`K2JReH0a+-mc7|$}ekxUeY{62@|d$i>`2(JpC
z?y*jMR}ClX91UceYuY!}Mi}v7+yjUlkki!TJ#)I)JEsab^NXhSQmluPWgi+)Edb~`
zrK8$4^+|KXYn$;@i}n7Yy|43&TCDTW{kG>F2#cy}+55|vrgd#l2Pp=iG9DS>ka*<B
zi>_bA0UJ<g>$>zhI)4B)LdiKa(+M$W5JKHT^giAz?H3#9UC--dykU+T`~Bsse^uqg
zm)+<>BD*b*@uej?QSS2Q(T)BSA4)M#27Ceil~;dG@Ayyv!7rQ7!=YCTchGOQqGTK_
zlE*mc*Z)mk=nu$r4_5i<H|XT^>Qn`!!F2f}<GCj}`s#9i;La%WwMg&N0Soxd@1&)u
z7dzf#l{KR1P145%tKyM}!cICIaj+pI0ORaaS>2UvyIU1`%3giV9tc7yo*X_n4;~I5
zR7_fBnm!yVxOvQn+sTmntIG8Q!3I6H#viLugTM?{@VtB{KDPs#wcHnx7<7!npBCtL
zRTlJzf_!w8<KF3g5a%HdT$T3=U>;}_yUh#bK_1ZT0-D3yvNs0HNPC@Oxd!}|CX;8c
zXy?Qbzcq<J1~}YEOaKzE_~@Qf)@@DdRKt*bQ4kC^Ys53KDMPgiv@6^G^c~CwIA~bb
z-B#H{0iW^AdobXWG}J}wa~pY{H}wwA@z=ZTT0D#r82Z8fT+YYn?zc{b9q+IT$?h7b
z&=~uGVQQ$^y@5wwKLy-z^Hv$N#28Y0ax&RaPxcs}LO=Y&bGqT5-<SNB=f$9(H0&U0
z*%P>}GF|_Mmk?KA$xPXc9PTh)GQMi6V%G`-L{`hYRMe>`TeW@1-tbE72|)@X_v-q`
zqPILLu3{kgu4~TTYzxr}si5ma-k9?Xq1yyM&|K{)HgnAK>#{OMeN@<tk?x>Kg9)UQ
zGL?!X(bb_lL4N0ai&1O23L_X~_S-tI;G=>!&9L#b<M42@m)O!Fu<Sv8_W8-4Zd5DL
zxY$h7HP4G(E#BSKqPeMx{#gv-*u5&C7!rQPTK$<(!Hn-2T4MxO<guPe>GfOD4x4O)
zIO&PY3b*eWMi-!>vcDVSUw<`b*uRbcHfB>q>zzKJxv<}VKPjr~!3>>;$1o^Q%>75l
zpz<9w)a9O`$Y!3}C1nD8E((6H&^r1(TX=&#Q{S>oe!Q<k1VikLcHUOhIk17@E}@R-
zZo3wdaWKe;tweh#M9JE_s?#S8vj{h?+dqFmq#5j<f=Junzu9pAs$KiEnc9CYOvuJl
zkLV)$k|WxQ2$6jWpW2s)4{0YF|9_c7x^EDJr*!c+rx`e<1C#p5G3|8fN#``_n>6;H
z({7iZeo#AId*q~2{Nu+@YA+t?j~vxb2Om4D$sS%p&+5aowg0e!2D95f^{CDUy0ZVM
zD&lre`N7jV^6)wB*lZs=r@dbMlaA@|2nG*nH+}MHhqOPChmWY!p+`<Z?0v~8aC-8`
z&VbXo$4)?3-yb>w?(95e|4TjK4HOgFi)j;e;sIgSb(NmsnO9-QQ(g$Drggb1L}P)=
z_UJD2#MNC0(%JvV-u3mijU4ej`%^5GKG?vCCMl7W1Kfk_q!**URFIt9LkrZjw6Y0P
zqDoS6UEANi;LI+$T+Xg&=L)o_^$^?9a%OfpT+Ys)-!#<|@p37R=4s8SqTgIcpI5q4
z<&{)K!MKY5aGK{aR4+HzGkHA&0;Y(r!q8Z67*X|x3MW~Zw#FQ7+ljd0w&rD?EM^?m
zEZGoU117E-H19EiZEK~!7@<|8lTqiPjv1EDuo{t--9r{#nThsH`i+!X6Q(plMX=m5
z%jo3fWwYFqWFHam23!no-86JT-|&**t!UCW_T=PuWHDyrN1D0+IlE`ss^l9&5F}O0
zV$R!F*`wl#+JOB}ZWO-g$<_6`_oLgE%c6);_wCX{5$7%PEkz`aEi<O7XeQ7})OaPN
zs_(jP3n+E$o`gnF)%H+72vtl~Rs3vMa(mIYR`@=vuIQ6Ahop@g-?&@IRj_Q!H^ptT
zDj8gD+3k?Jsl-}~-k{9(WHTg4np#m1Xra!EoHfzR43O$gM*o58C0U4(?;!G8-dc*4
zip4Eo?otDKX=us)SG>115j8?X>?oKDbh_Q<8MTXzTbWccD?{WGt#+G*+8-y+zH`$i
zj%H2_ef##Nf<|80%Ol(+YJn{92z2RQ*`6IP#%IRW(P<42M~9*@;WHxo=#UECA!&N_
zJPRzmjUJtn8F_u|lnyZ}4>Iz*H^?;AoR?>5oUDn!*u*6i_G;c-bES02Y*4t&lAB!7
z-JRp4Uu>w@k7nYJ+QBU<B~QGdd+hXLXg`!7-|vE<8g2tnHAOiz#PW+Kvf66+*2L!b
z;IW9W=^(PFG@Mc4BDNwtJaH$~Mr%QJ@wM$jrCMUgIXi3%q;gF2Y{4-cL0dtdKkm6@
zhz{Z^1|9yFrP@Ap)!kb`!dC(5kV;eTdnhtd>Dy#{P^5f%bMyWP5TV<Cend#J$=T53
zOzg)o9w<dK&cw9u2LW|RG=N6NyD}T*K+qifw#m@Vuns0;ZQ*P!q<YA;H%-PWADNOJ
zO#GLmWWPqxm#HQ8x9-Y$Lby^oxrWD!xLEuhX;SAjGuu72QbEw(eP^;ZN-m11?t#ww
zd2(|DjTXVPDmBVlLbYEoV{ugwoE#Z?Vzrx7*<`y*?vtB5Ssvd_ilGqZ6=G5qSwYy2
z{9VR3FIhFu@gryaa#^P40=ppeySj9~`jVB?oEHj?eJ^e~|Hq7%`Ge?{)a8a1PNLd5
zyJzco^Psflsh$})$v|`L0z0u)s)czRloQk@jOkb%g#EHP%(Sbc3t<Wek>7Fd;81zQ
zfd-ax!kZiE%Aj$aC2Di+AF_C=EwbJv+sm~0#`9!FC_u}5IKNA_P}lRl8Z9#ve^}^!
z218fol=JOnLN4)1$7cmvRA?P2>Tcf4Sb>-xuH$WSED>%Gp)BgxPnVzn^6}^S#ivix
zO4DR3+C_|5F0^TBmc6*WT+r42ff|59jUJB)+GSkw)h?a$(w<)C_f0RGHx!M^-V8C?
z%l<x#U--t-wk6$zdl~09oJQsJeXngf<JdihvutUTWSd{|c)_REs7*NPW?^62C>ZrZ
z;rlBuifZ>IOAkkMh+Mgxt?_!hmx$m;@ATn_j%Sk`>xyav&!RMCT2DN+;^<5yu8ID8
z0)&L+e6!@acq*mtK#fjw?uAVUlksnPx^5aH8ZFW?O9d1=b%Ry(smpq#J)M>^*RZzB
z80QLu_M!4C3~w4iR*ZT)54(a-J6=1YfFkVXM^fo->`(#}h_y=~z0lwl{E5}RN0#MG
zq`pDYY{APT{SGu}+2=%{yPMEf?;8rtcA2qwQJq6|C*kSz9Lqm)hy6*bqLqC)8oZ4S
z=S#kH+M2uCrRgSKb7N|u)=9P1`=h$Jap8m0zoIU2F%EN{^0?r`>YJmhYPsZhu*kxK
ztA|vAHUmJsO1mrFcdp~I*k^ouBMm{Rw!T{iu6*F&nSyEL@tVtCxn1*{mceLedwMdk
z$<W>-N5$>9`o|^*Wk`D>$=TX}*1*(rJkP1~VVfemud@px5w@efUuPGDFS}9G+DI!t
z93LwXoLaL%yF$`EQ-wAuy2!SeQ}M*E&TiwpbiTxEu5bX4j+sqpW`nUT*a(|Q*Au&%
zp)xzQzesXJz$$$C*qq#+uc6C+QLkjD^_8%Yn;Hkpxtjov>G#_I-DYX-$ut^uH%UmB
z7415z+u0VPc?)UAtHx4zD*^eiaQHtLd`oQ7e$c9n!C$f!JD;**cRkFZo~ABzUZgw7
zK$cy8!FMDYLYz+-jBdS~tTH9rv-6KLN~Uhd)S5c*Mr15WPNHFB;RM$9l$ksfh+oCa
z>nDLF;zhpWMNs79h3zf5Ei+`sG%^eNlp|6t?LhQZd94)iuwFO-T@tT|Bcrg6Y=N0A
zn|i}ll9oK@*e?|74yQ6#UVHgjCsIE+27}u3$6Cajt+5hbX4&8IheBL)Bq~>Mnl<SH
zp@*>68B_@M+c4dhy<rvJTpi%~8iI3Qv2l@KFRxlPkJbW-qv`qDJF-&l>9;d!VE~L~
zwYkiAy!<UsN&p2IP)sbRFVA<!*5g+xxSD3LjLR4+>Im9eBO}@3hE*2{FC;8fnr)Da
zOb#Jg8TUqSLf|Nh4jNc<AdNLK6Gin~41|0Ty&~9Xm@reUvj9#_d4pil>=G&mL#)vA
zU271>b_1ZJ4Mh@h5WAf+@q*UotI{iyf04JcyVDkcEwNH1987*mC>1QqERSzERD4jg
zZ<|4L9L*NhaD5Tzg)Mg1<O$XDHGH-?4g{*w{Dpe=x-$^Xz|@e`69@Z#9ZB=+cp>_y
zP;avdQQkZI<LR05Dz9E$vQtZ2lYw^5<E5!(lIOS3l73T~{?{OlGS<0Rz;ZMt#BzUw
zhU;qjgK$D=CI+63Kl5~L*nUS8a8q-l7HU;l(oS)Ej0Nflvn9J-w!^W?LddW$&SB5?
z7q#QRYUqyG3Fj@+t!Gl>YP`vz>Zw%NCDrDk(TAe6@;1RYrE)iD4bVgY^kU=NFY-+j
z$L`&__pA5J`#_y}el$KZfSqZa_F$iB%nf}<!!BU2i3Au9dz5Bk?0ils4O$Jo7Z3$7
z>Q8iH)}IZ{i_{zSX{7|PYtJNlk@mc53Hm9LR^W0<ae9#sA#;NwO-9DbM&mruKm;ek
z^@A|qnwAyI_Bl;R_3rKSfBccSB;QUizJ8iJ>!ov(mFsQ#d-8By*A2&G`02W?{?iMB
z@jGuEj{Nc13%&6>*Bb?6?;Uf0Pa#a7T~WsQJNJiq>67~(`Mj3~*}=j4_pH^w_TZq}
zb5>cJX7>=qM9T@xPf<OMgTaX&=kc1CJTG+kC^V?z4WN=GO*eS4-5ne}J`NEwh_e9<
zcHpazvdwS0TW@Ayt_|4m`5DIlK~RD6DfZ!Kc39@g`ZP`1;A&9!erL`{`OE39%)}qn
zwwm*88ZS5-{B1K}gTWCHzUor$jI0J;fe3uFgsTYo%ZDwe<#qt*ME+$VA(jABd6R6@
zkWl7Ue=FzL{6|j?#btH(koXh(Gk>VwG?)sfQiBd?!1d|i>BDe19OA$7hxTjr7jQ)P
zm?&~%z~irvkIbnUJwJC|dev7K$%YF^hv(<&Ry{s8p)BM2I_&wG9@|~Wy<-Wz!)xj#
pRaO@lmnK!rF--%ne|yuuecnEApZ}`QzXJdO|NlU&R3rfK1OQSdJPQB-

literal 0
HcmV?d00001

diff --git a/assets/kong/kong-2.39.0.tgz b/assets/kong/kong-2.39.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ce43c2f06dd1b6599fc187252fae78fab6c4932b
GIT binary patch
literal 205890
zcmV(&K;ge1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMYcTO2p?D4c)a`4l>h_c3JY9>CbKXMaAwLx4COW8g42*}Qx9
zC7N!{jFz5Or=<qZI{EJJqtd0NzRU%%H`z72PYm7al2j^{s!DaaVcDdAIK_pC=6IHV
z^(lUKc6N4N?C-<BJ3Bk|e|LAEKl^HT|HZSt{r%k+yZc}5?C$M8+y4sfe3H@Beo8KI
z@zu_Q`>Idw5AuVvj0r3#%lM#&P>cmm*(8dw5Gjc$>&K)JbWBMyKshc%MvB&E3FUc;
z=V69tWPskXY=YikLGJLpwRu5Of;rL6B@y;;PJbW;rz{(w+r1vnbNgrTEP4_25|WcF
zAz4fbAM`>Lvn-(k8sv<NNkRB8X+$zSN=ec~NWrdN^$;pZ&NvmUm=DmHrex6XNBvk*
zKks`DZ%x;`yV0v?_gOC?JT7Riy1SYZbeOU-3D2;gw*;MJ@=K0zmY{=+lW>MJJRviZ
ziQbgSQA~x%`JmsIGoAht#cbB^(OAMVZ}_ta&+tE4hVMAMPuN|SGMw-T_Gp<=IVjS{
zoD;$O^6OB(327FGDJ~`?%CkvthG`}+%}4=AA~Q_W0TKky!kd@;e^mpp7&7m|5feRU
zK{zXmSfSbsaze$l9KrD95*yTsf{?!K*gSymEe`jhXRo52-oKjEzx=fPIQ&0l@y#dc
zV+sG?dA9$e!T<N3f8qb1<EPG4moQDk2-H50MpR^YMu8#d-&>g{oe(Yth)?m}^B04i
z=ev6^pYObQ5tH%WH?LliXRpZKtLM++eLPC`cb>=3UOeC3!8@<WE3!LEc3(bwhWB3W
z?d>OcJWi5PZ$dIsU?I<>U~gw{FWlV=cVAuY?hc;680^1@UOnG^{&Me|m(RnUmxG<1
z;0x>N{DJ*{i_?<uPbL5^-2c1JcAoF=*Z2Sa&hD4}|2cj(&=DEqG8IS>0UEOc#J8s$
zeNWOEQfEU?wu@6-5Oj+RDn%@g1VbZ&aw(7`h-QMJIV%e!$ShB>AUx`A^fu6t#9F-E
zKp{FJdCKNeGLqsXo)JL`4sSqatUWVw)gjA7!P1lz^%fVJQz2fCLf}gE7VjvJNt)t}
zu#&fSdYlPT<OSu#eJ$TV<`1B-WAcyMj}(-3H&UdRJ6!&Y&;~jN;TW+3C6vRjfB-5u
zNyoa)kO)Du2@+EZOFYIYC+LofDWYmQs?{*k_G?j;vQ3(zxFA>%gf+C-whdX9&XE@U
zBY3U99w7O7521|>^p0k9R?bjX&PJp_Y>YUOg1#cmyD5#Q2&0VLrE}d?f^wE1K4oQ^
zNO~*?PUbLPRtki(xdcK5hoOLAjN$_GDa|I^s!s`-3Qf*2%Q#I)K@x;-F-_$N<!Cq1
zjAoY-_D~IIfL`pV?}s^w>3ELBlps!uTN)FD<Cv8h05urN65R#noK7+Vf68yF^+J7=
zU@~JFCjvf@Lz7KrbW$iSt%pn>2dWFTwyG10NjctwQm~mCMC-tANEV@Q=O|GOU|X#?
z<%TwrZ8hd8QH|v*SVI6x62vliSuL@%=78u34cUw!iO(1p92Ml3k`_d*yP>fNoiRa>
zm}23-K;%QtIN|7RIU+?y1mSX;3CRS-DbS{*Uft<wiBZfFvW;jak-;UHoC(z$VIgpQ
zgLqktajeM?8w3qKgkH(X4iw$11wIG852xuIac8ZitR#tRg>|3Gf32o1-{K@uWTiwd
z^{cCmqmRG!I=h!-O+JVM8{}3<H+-39aatz8nQK(0sg{sREwva1U7p3fUyv~=NEVa6
zmA0H_A<k+4b~oC6+261|hqt?7%nCr78P_4Jv{9HMGBT!apr0Z{XLwRQ9>56#Lq#;B
zq7KJEk?&%bX($?oe(1uOGA<5MiaD_WXg)x}?%p@iPP7y41{#EHC_y{p4aST~?Fgqq
z^=yO-^GxCMh>U4QU}bJuTF!_v2LOR_c`~9qEE#`6xZLS_Rn)0hun+TU1)-CYlR|+^
zeo)~2i3h5aGdv?^RAiQm`4KIEbXsA&gTX8X1Y^FyVmd%UpXH)20reAF^x=(cCJ|dZ
zRe;_p%V0|oE>J<V2?5wxX-<(~D&-2<BJfWEyW`M%P7p>%zzT;%I4lOyj0=Jj*$H+J
zRF4Z;CRzcN>v~4S9V>3!o+Na+4i%)Q9Cle`#F)rX1R7J4>P>qk`BPr798V;T8D4}A
zE=~~1lAKYw=)lvY`cx<)lpPsp+lZI)EaQqfBr}@9*9BvW^-t%cf=c>H)JXerT5>@O
znoar%7C6kMOv7z=y^3}RC{Rl&&;IMYAY=MLQ3pzBfjIrA1gV}&dVyt-PfzKLiUHbt
z{^A`~BcA2W55+8R`)c<M?QNj*TT&D>QQR@-I3`x4L`puhWKlnTh;E=5CwJ&aZx$^)
z0BD{AAJ<DU!*i4|A^BcHI4yu6@1`U}CAa5^f{r=D$f~__3Btk~pn!b9vpglir;z_z
zMBGR1p;yTw3g0Xn(@Ci$2ZJhw1%YoQgGy6GGEq>%<w8hCfyyi)1^PK6+3nBj@G5Y|
z$E=tEsm_$75C8f3?fKc8>#u+AZ6K1}(t>5M6)O#)T6xR9)shifD6FF?DTtBYW>~~i
zd$e-NGT`{?GCzXyI!f87Kf`isz=KH6I?`m-^UpbXvPF&!Rvi$14^IfEoWaO(qU_5!
zMF|m@rgFu8P-+qkTOv_zqgV<hF+uE>6jqNa*bFf-C54n=)v?dU$WgVoCEB7%gt(Tt
z^U1Yjv<fx|)68rpi4*t~WvrMfQGf_V;Vs7R4JoV11|yQPy9k|RNS)&8Hk?En-*U&u
zR=3WaD9AH&Bvn26j-;I2$v07tWVZugt^$uRmz#x+$ART+im*y4v4PB3V2i$jm4Xy#
z)6&DU=)<44(1^rX9t*O$)-8Iz(twQc!JF`SBnK;}lQ5Wy0abkt0zNd641xo%S6WTr
zfV+;_EXRV5QW8krC?Fr?Db3}Y1+uXLoRK>Kcr-i>B?b~bu^!UDT#r+H%Zh;qUScSl
z(CovtJbXxTofj-7TuLG+*b9IYvk&uY9LuNIDVq#XKOwh$E)rHsz7D6u()W{+E@&eU
zA)H?0d|@LP2q_9y_^(M(*nXD0mc!_5;*6rZ4V+5@)OSv=e$TKky_qC|OHnH>xnMK7
z$$;_E*yTjrHCD*8IAMfmPlZ)PfPd)@HDlsL!|Y&ba$ksfPGiYC4TI8O<Y_sfa-SEV
z50D}yoZF{@^)`^gy$9Ql+*NL*-Y4}C;FrhhOp-?zZ0K!NW-*(=*K}-VlK{8IN#Zgt
zEJQ&^a<|B@O-l*1(z*o9x_!Ee4N0vJ=Xp9eDyx!MWq(rEb~V1MYA=V5Oy+2XXo@)~
z<m}F1?l`+O3meImwoeB=DUV8W0c@y0kz!ci6>Mf6NToO~h<Hopmt<T$Md*gi2MU$W
zLnS0hus385&*PMmOkA5AF)j|_fgH>!!wH;}hj2{1!?|3YA@nD~17=&XC&#fs#S)m`
zaC`WWFlR|<vDAD%rjr@YLEq9ZaGHiUWF7)K!W`3rhcpXu)jGty0vS4k4DBE#TL)C4
zzx}<j%VL~KnF{D!s<ftS#HC`dG|&`}NUAp&kjqHQvx)kG;CSjP@ND!C5(~@Llc)zk
zP639}d3_<~DMv>vzLAo@RPKQ0sv8M&FvHo^Q|e#s%Hl@Z2n3#(i)6{dYlc5~R{shZ
zP&l#I*c%qebEWjzfnvnT3=V&F^`Q?YGiHG&l3&R)ie&_C!l@r*bTSp`JlN_XM8;!@
z@mn$kIC2honWh&krSW`#PR3_UTqw<PflUD6qQJ`DCHuW7(^QcukBrU_f1z2)K~|pO
ztOOXwl%@r3N5F>f3NjwtpOWQFLKsn)7xWej5*B1axhUp+fDgFLtI<}f_iTQtTD~Q7
z^-}7o4MDe3pR64wOHfL=AYkwF<X~v5y6`kt3CAT>1IpOoY$r+v03(^zEvRI!iYH6T
zm*3177lswOB8@j1uE$|5&{6`ln~6`2_yN;=2W|z0QlouI$B1-F0)#R3T2yN>&&dFt
zv4mVGr8H$Y`4*=*i%D^qVy<z2#T>G#>{hHWyWK~MM%6Z)KA<G%bD|&;j3jIT8#us}
zsHMOKD51b`FsLF*YV9@cVL%qTvuH#Fj(lRocRZ9c3P*ZMAskflzk<aq9iZTAx&Kp#
z-5?<Bnk^$wG0g<|Akg<$R~MR+S}CE079{N{wG*SO)1mnqPSGwp@kzAREMjLamu`Sw
z?(FO;)34cRwdcyXfl;PcTU*cN0F7Z=@+m{+k~HK?hd3k*^Ys8d+uM1$V{FTngrR3w
zskPfms|gBHa<F{_+b9^}_$FnO*SjyCz1&xJpXv*B^dKZsURwu={o!Kt*Dn$3XxiW3
zZ$*=NZqOufF(CpZRNIqWJ$Rt`VuR0Y%gs41Q`gpTbvo351u14U(?+pOGU(&eZzKKE
z=yuxpd<EUxCEWQ$OSr%P?9(hE{H;8N_IhUUj<Njk0BKjU7)!xZu{DWkiR4>Ss5i!b
zI3?)7B3lV(Xf!v}5o&Qy9tJ4X26&Li;AGQFjj$BY;4n*2AW|O1g$OF{d2#$MBw5Vl
zMs&s&*-m2oZJ8x0L7N>-5f=r`CR^r{lQ9}GF*VBbb_GG%TPj<D`a(@i%?jDZ+I&|@
zwP(hrSBWl)63ywNEeJe9?-e;}#TYEkQVN5clnSc=M`D(Z6*yK3ZtM&<FFDe-Mmb8|
zhrcoV=Kc^MOMy_)zHS_KaWHd(C{LO*eeVJ1&FRprpj<A4PstEK6boU#kv7gnF`I=V
z<p%2-3&#8jkF70KHv+MJY%%7XEc!C2an!h=b1bHjCV4R(puWL|6mR7t$surN+tW(d
zlK7wETY@l(Ss@QZmL*{Bk)O#e8==h;IV~xd!w802BkUi4z_I9GfPT7VyT5`%y#14g
zXv75;CGV1jw79PsfRtmTB$DA2ZfhfSBBTnSEvt%(<N;r>axw*}S1}$|R4cDK9Q2x;
zdF^x78+!+{ue0@C%{uRWx->i0TTaXNau-uj&(U7AYiv)v%;BH_LUti=L(5vPQl>s&
zQw5nxE~PHm;WAZjQqxV>7OGG9x#sBg32z|aj<BQU@b!Iy-r042tTtayzdgjm8sn*3
zmNk?W#O)1bS806mwZy^Ka0*<V4uRAXM!1JfIru=5O@Kxzi*I@x&cP>73T<Bnh}z$z
zt*-?%Z1?Oo0<(l#nw%74R?K>eGwJi^7N;~(M^r)!5{p!uK-8csE227Lu1<%cl>o9y
zZv(6*l<-KN6Ouh=L@UXPJyRhyYS@11Tp4O%FcL)pNbcGiVFdO-i<*+RTpeC04+|;(
zA|wBz&3H=U8>Ng^x{VskElo)Al%s^jrDY`B=1R&pid$}`wh2|HHNv+dLo<UmePazx
zqPAv#P+h_@nH9wM=N;nv^DYJkeE(44>Exnad#gkQgV0rl1fHi<pu-Cws-p{i^^Ouc
z22TKC0P^3DRA9uEFLJ@!a)GkoS_bK{Y<PDM3kiJJa_}p{bvakJ<-y(`s{v~52<i2c
z|Cko`mV0Fu<IVZAFqo4ua*hBXXk~DhnxMM#9<wxMcYs@G@Q&eC4Q4G)B~>+&C6-qO
zz^u0K0VysR=ixtDM%))Pn}m9i1Gwxe$-SU+o`zBikw9>f4e%Ww;CME;JbrU>el|Eb
zJUoAYb~SJWmHuDhC;V&szkj{=Fr>V}<v4(`C{{00elK{E-X$oKj+_(1;eO$ah=Ru4
z;O<^lD6`wzq~gl4#XEF%fY0C1Tybc{n?3)vQ7I4?G)*;_RD%I=jO9{E$egPj!4Q_@
ztBk|I(uBy-4ClE7K4wM5v+YhGiQELn5>h)AJI=&UWe@qCn6wtHrH3G6ziC>to~>og
z@>t=2rbS9m^C`E8dCC#a^9#*1BkeC^IkC0#$xR9VxY-0meGS|Q@4g6b-N4k9v+Vh2
zr<b3VTbXv+<V5J}p*M#Y+N|U>u8ct1+mMTb;2GMyI=tAbR8}|=6(Ma)EtB066#VV)
zfqQSPZDt_c>q})R_i>VvSSWn~JgM~g1MCr6R2YuXsZw#l-j&QVJcDa-V{*e|DSirY
z_VMUd@l>^-Y6jt}ot>S)QmQ>u)iw11;Z#gPUy}l>ToFA^y>|dPa0j?;S{UD!_eU36
z&^0cR2z#Q46)}<$%#tacQF98z)qVlOuOs#t4LvfbR+|Yde^*+5mfeCD=yt^&rOsZ|
z5L6~|fh%FhNZ!ij<b$y51n5t()VI?Vy3p&dw~Mc`DMv0U<S<n`U`mQs-6Nu6=bOg-
zv!#haVP?}%_Limts|2c!BL}E*q0k;h*3U@$EREEJxfJHL5?pv!=X#fb20C}3DkWrF
z>e<?90fbn%ZdP7n$|VRXw;aba-4Y$#zc{vCpMk!r7+j6xdT%P_@9OZv8J~L{3;dBw
z5{fG}Nqsl*4!+oZI<3kdIZq{LT*f99KxpmhBywSgXD6<A69>}_^$ar##nvG9Uwe^*
zqQ)7x;c6TWZPeN2KUtf|)WjNS9Ti($5@*Wj(+mw#H}uw;^82uBud13*YlK>)l-x%x
zX;)z#tHm11va9x@O?~G@62<APpEMq^Te9`Z)Z(QbKc?E;M2@nb=v)8F868aEC}y*f
zx$*PICMrspm8qb4Y8M?EHQfRf`nkijLwKTXAF!QV%ZIZA#njSuyR|}jSLnt0+G+aP
z4HwEOYsGbFA|M2A@F-{iNPieq$RDld51dE#@bVuTmp4EhOf;-ij;fL5?e!0lj>WUe
z*+#=Ux5>8}rnv@rI)=IPLh^OH4S>x1T>B=;1Ate-c*>*5&e74QLhp8TX{Tm8ISapV
zA9aCmQrxPYw9sm=E<98YWlDhXt@$Sx>bP`mXD1hfhH+1dhKme*8|YApwds7@7lwhs
zYB^NN_1bYfoh!*$5j{roSWJlu4gjUnh(^5)^iHm<H9q;^aE5T2Pca%3EaU-;!7tts
zuXm%poh6==G0S3-1JNkZVWvWRXf`p=`Wv26hKG_Lhco(tRCY12)bQR0NFGfODytf3
zDMX=EB3Bf6Jf^YInJTZyhDgq>6y7sZ{+f1GyOb2%7&|<=R<o`Cjt!-cd=v9X+p0y=
zet+~k*R&nwWpzFKi+=dn`r-SdFZ$t1`k_3FAbLV6i8@$9TixW2G|464{YZzOD`!ih
z+e74cZ$q_%OBI@ukk7dwGwb721u1AR0q0vMe}EI9+vf03GpkTaGIgT|<x!^cDM)6g
z)J86FnyP>c+2zl&@y`%BN(wPY5M|8`Uv&e@Tl$t0giH<F=x$22@kmVqTs^vh>6t1A
z2b|{wL-ZldV7zj0!*Zm28W`~EO`U0>Ac$$w-LfW3PUIR2XN<gW{meH|ASKuU(JX-*
z8?O110YBGABBV9IG&6&<?+5ToOG&*A#iaCBw&@JyVnT!u8*2#*po9gvE2tnvSY=E=
zSm-cjaOyWL`c;b{>S?;OhevFuW}>AlL=TXGq5aey*}66i-GF=8tw+Ky8Gp~!3<jw7
zg1avB_Z_9wjUX;V$0Cu$z*XV0Dn#7S3$nrZ61AY}^ofX#1mFLteu3nEzx8e0sUJ#W
zLmPFZCK?V;U5_LnrEdwscMx%<<CI)?02^!qAa6-A!h+6B(h4j9nj|nI<gqcz%Pbb9
z($AHh{paZCEf|{$MWmdU#0$ErOU`NpHYR_=7x6{Pt4H9p2#@@aG~cV4ob1A)f3OiZ
zLW1x_HGOc;dKDFT@?>6+u*@d~PTZU!XtO9Yb+hR{Epv!H$qVvceNrW2vG5ods{<U<
zjPj`h%D8AkJ*eftFd=0QjDN5Z%2}d_yA~hLiOpMM4$2wfQ=0>W0uf6LN<5u#K^b82
zZ8^hA7Sg^=ElD%9AD_LWR1#Q0ZjA^h7ez(&#!M21Py%@^fhIDrBPzR>;;R~!>l5W1
z)b*?&4U9m)Rn7s*(Uhb)xbI|^!ZVhIkgZ7{IO<DIHK}u(Yv2tP=eYt0LA`FMpbjSS
z&U;+2GSl{0xiTilgOrp0!A1uyl6*tdk>Uj#k0DC{NOc*@hz?NRM*mx)6?U=>-_?Fg
zCWIS#5L9@V$xUfGHJh~{n6pe%h;p@*q!8FIf`Jb8ve_*aa|GSi{)JGSmjkrBvoo_#
zW@HA3Q<WS60iFnNeD}QNv)#Ry>a#y)K9>#jmXKWbJ)<h24JYmxEBVR2<xiQuA+@Ky
zf>lv>1>!NY#^_uNPkHT1Owz*9w;_b(&XmZgZXT>f*C=ZB%Lj#RNl!|`%j$3>yO0b-
zo|jq6?L^c|MyX1kHKr5Iv?*L=v<?-LT4Z=4g>K1oaE8bS$y3z%t7XGYK<-<jBNn6i
zES22XN-x$&>iizvXo<I@4|Sxu9W=d0DX-GQp>dg}A$YTZL}!ONK)(Wn4Rk%0ilDf*
z2_%DElbC12dif6Y-|n`rM^BmehH8B4o_UK<S)?kianSE~wNXmWz<XAM>%DUf&+fwz
z1$~=a<nh=*eLtDg;*XNw=@VpGS(-HPQTsD#U7Ec<g-C%JF6JmN3+3SrtH`mSd_1?G
z*u$u|;RfQ~yi}?+WYjpkJmNZ9u#oC)M$n|dkg&y^+mL-kQmeWqO?n$u{*@}nfV)$o
zUL&JlTik{Xt8NBXyCl;R^)Ej$G1Gg-ve2}JkQvSdjcxR_9Jc-)!mkr!Ear|+jxic(
zs3U?>G8U-JI1v#Tbb*H(AA6hp!-Qr#LD@EZTZMCNYmi20g6qcGEi?);@<9X=N~8^C
z)T-V#n%hoILo^d))ffgaTg@5d;A$PH2y#eAlc6%xDUcHMEZVh36%BUV&u{`Q0)1uO
zj4#K<#NN>B822N}V@XBxP8W8=D<F#OAg9_u?l!@-SH0@~$>dlHdhVT6Pz$D~Swe4V
zQsT7w2xfE#hP-hVY*eFWS6wh7uA~zejE&5zg--))oe{}xuHq{=<g?r`zW0|bg$vzD
zfiq!JdI;v4@SP-AKN|8$DX+490KBTF=76L~e5Vs4F*oUz_Kc82b24uF@RE?nEGG$)
zLsg6eGBGH7&`hQ2sP_hbpUOk3F<S{i3+4uNHAQHBX-u;Y*u7{c+Ci*98M#wl7ciqU
zJC({s#Jj(0Vd1`DaZ7P~$_-#&x7Pi_pQTnFc{Aj6WGTlcC3130R!N9BNynki-su`E
z8~{E$Fu`3h(Jp8b9$Xn)+aNkTXalJ>F66*biFHKEulWtluVLhK&)fIJ@Qr#xTaeu@
zzdblKyLsWwgoXx|2QR6q6!rQy#3m_}T>%GEai}VpsQ%g=vP#-wOutUrmg<h#Pu$|&
zJuCij`2E4zo8x!K#+)KyhB{u&YYwSiT3g?cd9Tu;A2o&0;rZFs<@xF9@nw}r$Q4Z=
zF=r3hC9BLhYUWq}?*IkIWx;aN|CSUf%``iGNZJ}8(%*gJ8rbSp>Kb+QK-#V!$!N;h
z&7i}hdQ4M63X^QaIlIP~re#5F+LcMB#9i$ffnJ&m7iXiI15O9jdB>&Y$3wX6V};{z
zrTsbF9R^l>IJDp}aKbZHwn=~wybn9x7e-p~BQ{$)IXplk6^(AL1q{fR=yzjn!sz1o
z9Wt@+6$o`f;F(|rGa-`7kaMS2!GjK*Dzj$hZKN-0L;(@8j0tXT=WtF{7A-AzsVxAT
zzy!+M{r@XEP<PbM2=x^KQpxKYt}*VRqw{ywZo!>+Pcs#BORXU^yy&jVjA-kOI!zpr
zK+qXsrO@f4<r?hnnC#ZZyTxlVK)XA=p6^^}^BHY4?7}BbGkZ9rP0zDp_vN3rY7px-
zyxs${*|ul9sj}K`pdSn{u&Jnwli;=op@!C^6*be}8u#r_lhL+^P%*;sz~46ngnuy7
zz!_R)B(3aST4Pge!Og<mt3-#?-1t$LM@nx=MmWDH*ho{O<hE~!O$Cwbp-u@-#q^&>
zU{+jccW3YUzJ9{vDUoyj{_5&Nd!kZ7ae72jTxBX(5v6tN(s8Dwpe%7o4&as`)m}{t
z!lx`v258sikk0dGV35TLU2R5?p8XFnp+BmHS!MjsNGw{FxCVV=DKg6D=(5ZtLeZOo
zmHAVSPL8T;x4Np3mwXC2{HjdET0%#HDehP(Z~*P($f$W;ogZABIKHx7-NF?CTc!8<
z-H|%XKtE>a{SXyoLRkhT8kUqw9(2dxWOS)({#8J<0<!G{rTBILoXc%rP<bHQ$?5EG
zq>OH89O0Zg326fx@<YF`aygg0t!W!J_3fy-{Zx!sKGyjQAeDiegQtmR4bw$7F2$5&
zLVbcK5~OgKO)DxQ<tk<3At{8HJwlUXs73)nm1^uMjY-BE$Fa+G+moD)iGVT?8i2A~
zn<0Tf4cBO@rh_qW>vDA5oZZchVJsH|Ga;Lp$4k@WT#q`*AsjRr6PB06D6(I-?MO>(
znnK~#wyMAai(ynyU+a{;%vl+=!jOm1wxwS3At$l+-qdoR(%{%#X6R;<6IT@7MzNCz
zWUJ~$j^Uyv?m9y_Y$Z2PAEl`8-Qfcbwy67^6sRsEAlG^mwJ?2mbk3&ND5c=5WSm;i
zrglrH93OO`SuHujm`Py@)<dPPa{9!T=IBh#!B;bjlSS3R8fa3Nqpe$6PE(l>M)Ti2
zI^srlnNM&Fu(UAHqxNTR0VMj0GONnZ*lgKImp~xu&d&~y73dIij<ck|y$$7Vqy75f
zTfqfb{Gmoo{rV1kWa{UfnyfZ2apMSC9}nc&)u-DXaMhIF*t~32J1|TZMCCocW13X7
z<IAR#%WzBAP*8e;u0rV|K)JMXn_VVTW*A7nYtpzHH$SQ4LZmEYp|`1lWuHIk!`8S9
zDEF|Rt1Re0J4-H@Rw|r<sFcDf%O+vPOfZy&5~{3(_H769HU*2Mc$8@Yzy(AzQ%gX!
zr+2IbjBSXnhcTBl6(P+kGN2rw=_q6Q-7h7LZ%k@daCanJFKY%y*NVu8|L0V%x|hnw
zb)t7t=j%d!rdFq$Ki|BnklDXHJ~(=J9L*9)uJq%<<=M&En}K8RRF-Qy5jBp=Vv13L
zvxLoH>F-#PfFZi4bY01Qw09BT)+U8fLGTTCtm^hYS}UTF>#YwrNWBdQ`iDHFF%{{&
zWBP94QayLSaB2U$ga5;$S+W5>Tv9*ap<p2wxDX+DT8C4T&Wu}BcsC_kXfPI19+sRW
z;oTIAFkvAL6V~fh2yIQ1Bu_XcUP!&vslh5ARr&VyBj-L&1vDGz=)chJK9X`bc=0SO
zo1h%s`Y)e9dj`5ndaI3*=7vebCzUOE)6IvxWqf^k)&1^%b>p}DEZW_TcEW^=D9*y&
z-LTl(>D6p7@V(U#D;%NV`Tn!LPf~;9&<1PBgHc!NEvk@yU`UVKY0s6}TGn6Pe-L5L
zhM!?=il61#@Uy;jInj?=oO^Zf0L%y3`9OP<g9dI!M=8#3<mn=r4}z?{)n$fiZ|!;J
z8XE4u1WoBbfgn^XZC~_8=3L_ufpkojnx>IO<-Y*H8pkTXNl%youI#RksZ7vi&sCi+
zL7PDtP9au7)Cj=)pv^(mnpx{eQ-Y0$nl|L9&)<XF)NIC-%eKUCl0nEYuWqSL6E$Yt
zMh;xpMNy1W=XeH#s4ohF;ZhzV5&Ds)NsNmGj-?{e7ogTle>B&2JMC1`HM?ra0~Fvq
zj~rJPb@>OOFOaYAZ-3W$>CAnHWUkqSxNhC11R5G1oT*6|EO_CrZC!;Z_&UOQ&RbuA
zhf-C;$IymOA8H8FqsE&mpDNC&7GE?`ETKx9O8g5|{>!P-U-?f<mU?-*s7+Nl>E?eJ
zCFGW*EGLC-yPW?)voECfyC5~YdW-1o<8Pmh-fSAgZvJMf$%&LNr8Os^XFIW}Mb-7W
zGzN_q8rFI%Qf65#P3n>pGwZ>lG}ZdG<4QEt*!9;{WxSw?#7`hYE-ESfs9p8$Fcl|8
z+}}VyVp^s1vWhhnW|4b4OKBz*;xQ{Ak8vTaO9(4ap%vI#0MW_V2CYeA)M}Rpzme}5
zqAtKDrGgv4_N+Zt1+yt%o;pQ$wQ<5!9x*j$BXllh-aD$a`GP#v1!Pb{aFVk4M$P=h
ztpSQ8TFlMM(YMv0u^%C7##9xub)8aOARc(-xC5~)QHwidSMe2H>qQPi8(1OSbgHcY
zqzdV(EC|56rX;@Meq=;-Ki*PVO)Zz~P5E)L@tDRGr&X#Qcxhb*U=;dNs&e174?$gf
zzNq3%Zv&NiqVwHjK_>H_`g^GVw6|m`8vT-`Da|JDp^fU;ePZsiX86OfEGBXr@9ymU
zDX1R5&ulii0Se?R$5>_4)hf)}i?+IFlTEDI+dy(-KysabNcw|VcFa*mB;DX*zO6N1
z%e~{WNatu&C?`OOu6|nG=sk^k%?m>BeotNQso(9j-W$CJ-i=;I%ic!qQnm8sh3Kf}
zjjMOxYHnLqDspw{8aR$D>bbfY^)FmIuUp$LTidQ$+b>$%u32GSoSX346dSkX3ugFx
zoEtFUGH;uj|5BAJv$J!9J*)ZYr|t~3|C~F=jqVHcjn)hEjpl{<UT>r0zI>zgzI=ZN
zOp$&KW0cY{iRUq-cVRbju$N1UNZF(wRm?;6YiQwx0I%P(4+biRaVVJ1pGrQExVlsX
z@#mM43aC4Wt?@zQ!uP{bjG$^H&j{JVHi#@-6*wf=#NJfS9j}m7A4tkC#wi5zM)H&k
z7vt8Cz)9Jqq#SH=`yiW1#`#mu$@%kX7|PMU-hKWQ^1%?n>wTk%>|C$6I+mF1KgV}j
zCCNDsLseDe=+PH&L;e#^ah9Z{2<4iUV0~MNs{wij)OIkI=d+lbN$8sT5DmB9K&#7?
zzJdW>iy2Eue*^1YLYyTb&IAq3limh0znY?TS1e~Kn@EvBvRk<o<Y@_opqryan^sV9
z@clnuquprt)z&(5xMRgl%5cK_axvw9LZOEes-c9=Q2M<MWL^*9?P2xOmH=caDICwT
z$3n2A1OdntwugSN`n{@L!4l$n<E=e_l9M8wlr$lIxs;(wwgTPBzdd)%o*S2}qpWQG
z!is0-EIIIFeQ(McmOW~V_`pbt@<37ffufdRU{EwqvJoq@<O1y9y1>S%uA{hM0DhT7
z^9seRR6F!UF}aNCfDh$Nic7(GjHLi(RmAEd7^K>Q<SC8up#&s3eXkL#-58S-e_H+8
za3-{_63!sBC(ZY)p#PNYA-!P9fqo6i2q0p@kdBIGLf>B;IN4L>*sY7Bk*J`?R+_po
zbGH=tHeBZ{$=|oDFdN^$WE%yIfT+m%mS%4K=AJX9)?1w!%`O#Q;Zz05wt66Cj1igQ
zTWZ~cH#T(M=EIBk@4@O0sJtLWOfn(03yAzsRcFV3u(WndH<eSIvGs5Fr26MS84-b@
zD(0f@20BpDYG_Urh;@fwt4pYthIICGi4mO#y{FDFtv+as>%+|~Ky?(V3$i#b?GrVR
zs)fmm<xI<Yhi^%NC&YOP$?eRRx?l-9qP!?U%|qXo$%F{G{i=uRSx3o}_f`#o<&rv`
zzN)Em{lmuW*o+cJLkW6r6r>r=4(iY4;D#hF3o7PXgKHa_=dRq$!X-5-EnFA$mZoIl
zd$W%@IP)1S7o{A)WtkoDgKTbm{toziZfr;0ZI%Jz<dkORhea*Q++;^g0UBS>_||0W
zu)>m!kbYV{Q{F1h12W6S{D>CLqr71M06!}A43ghp7;GI&V%PLkp>4{zI8*8A>W@z@
z4(pFDPLAA18|WRrQ95bCn1IAa+GQS&c2%a!IP15SA*x3N{nu{vyyo3#3yjv9)oeDd
z=aBaCBse+G()lH0;yXJs<Nw@)LRnPItF*ZKsN<SeC7UH5gs&Y%z1nMYlC*tQ@%pG|
ze;?Mq?=2bWD(hI0HriDgzu?Ik%Opq(h?7_@z(v92N@-6*#nqHQ?2$F5$2i9$no>ax
zWhRADVM26pdfMwbQR3+6Y}k^`z||>}j2rWf4&D2X7F?(|ChvgB1f)VMxOxzxV0S0l
z-Pwucf0eT7IQmpU-C4o}cZ+aK4y4+1f{S=c><1<sj^D<SF;J&0#;Jba^}Ov_$wPv<
z2zMii+)|LpB%<r}v`z9I%czv-dhL#+L$4K}?xJ8b`Lg7Q<x&D=MXOtXWqH!|cqbS@
z>a$DdO)z;OlzUE<^g>;48*?YxG(pAK7G%?gbFi0hZ6i*IAAq%%?}~NT*~snmLNmS4
z^>S!Ex&W=WIF))9uc6WgGi~eKF*Tf4xU->+eo*QF%~VsWBUq}!C}3G&Y=B1EII9ly
zQ?EfNo2XllDa%-4q~U7#YDq2$0H)dGlidK+x#g#IExclrN!n!5CMX^%;T4FD$5J!;
z_TUhV7{hm07d3{VQWaN$hI)%DNe;L?R@QgL>6K-prv*TpvE5l{s}aDB7s+mes+9^T
zt=xw?gr)kVj8C`YI_gDkwiJ2Q?s`x4r%%xhnQu2DRY#bU7yGt~tLZ1f0{2X;aIN!N
zrspzCS$qRHYFPza)sM}nKvajIS7|7V5^Cp+3ql}g%(mhYP)NURQSA+hwl2fSu1(ez
zaGj};8|wExgl?(8jUsgVbZWgtwkMp8e`*Q*SMj`)l3s(an#3lJL-~6pN&x9mUPT(~
z9J(!QmN@`9ftbx}Nvm?{G(fo?H)O7k87qU>7zdBCw;jpaxn4!sTv{7mny{EVK@|N8
zgMF2dMAiJ)ccFdXslTsB%Bv|WE%I6P;?J<>&QFdGB?pIQ&0IJpUA!`S*-TEdm)d-E
z57^}1QZ-^sQcN-y2xL<e)>t9%x=PCf{^dFvx*D;+kT!3p678y0-L{uU*w48)rLkG^
zsmgWaL$u52Za^<nC&cOe@8S7b3t{<lsKs(mN(y6xDB&ssd;@*Q3eQ|XX5dV0xZpO*
z;Sw5zKy#bvpRvp7!ru9ZY7^B=TYM(+H6ePG=H#!2(MwTsW(tC}>_;_-Yc<pBF$6(p
zEF=G`p2*y9SdcuOUkldJSS`kKpkBKrFy%C^-47PEQ|bNXuZ@iC@Lt`2Jb(F(16q=e
z60x5?tsZlp4p2r@=ZV0DfCTl{m7(&xt;D=Sot!%K*p{R<@%}zb*!HuA#W=Ij%tpmL
zr0Q^hQ5XkbN9o7eTude1GJTVPfkVO$x8QVYn#u&G1XP3#gN4%sXBtn&9opZB7Fsn=
z+tN+?K!p<boY-mP4__i1ndH(r<3f3mH&zw-<7sYf`8qVOdp*4$)=ZKPr|diHz|vlS
z(#fU#(ERASt3Psv^mQu^)=<2(P~FR&ojvWYQ?KQ>=lHDso7M7L8%z89?Nxxy^FMIC
zz28TPVB<RXr9|-Z62X;vux8=kBkRt30U$mH4^}<>C$ZoTOs~R<+lz*p=l_<h_}<vs
z-+$4;l3#pb$&bO3jeGnTj=UmA#wsVl1DP^9xH$QYjQQZ=<UgG`YmBeLp!Yi%^!|Sq
zgI*b9`}^N?FzIi;FzLr*(m1DI`1A^VT3=cUBHxOl-Th(>9%|frEWkfFD;13!iHbz)
ztgv1BGS6FB4Xlj5@jkg|Kf$WYnEFyRD-xskDhmUx2OOkS*_(BZ@1qMyT4&Qi8PBNC
zS6z77Ca%x*%U)h#FGB+Us<ai5*#@dV?N#{(XLFsmG@RkQS4%gj5)AeQ>(A!>l*QQQ
zJmKX?HJQyrUXEZkmA}WfB|q(TplV;)+s+#@w>2l=$}1C)j@FD&&%-7;ttMd}`7_|A
z#Mtj?^yedpE^|k39>M5wPJb}9BK*WS&dtlM3S79MSuy|?pjpKQTu7-I6M+*funE3U
zSgAZH;BoAD&_K|{b<8qe&PZYQDg;viRPW=je#bxHG$P0>hfAsc+4<G+FcKfcWA?GL
zv$OMJe;@wc+1aW8`+RTb#aFxgFQkaI`(k(htDW6vFZOr8LOYK+h_0WK3tW7)^WeVf
zllz1GTrrc1$vAe~+fo&hL28bxIxd9|dLKW^O>WZ+25t@707XA2Pid731mx@Ae(QaI
zKD>JUWK)V1u}IN`2*ht=6oyq1#g8A6p+_CmZ{GzdLcjgi(qdeuscfYh=#(NML;v6`
zlbq@G(~pq~nu=W6Akv4~-*)~U(fqfkTfK|(%YWJUauP?75JwJ2{vrqT@gpKBCqAZ)
zmePUc79>kWhOaq|+W4p-GZ>miBu)~EI|9%2AHORU8s*KPF-uVR+iyK7dldp*T%P~+
zr|Xl8*H1o5eEl|f@==cbw_aQpDSBdF_j>19?0B@<-Jy1bE^#Hd$V5kR!8J2U5JaDV
z+$dD^F3l!AxxogVJ^~AisTj8bfXn;3yHI!6@5wnnxx+;U-dBUys@#N}aqr{DP!iDQ
z6!W)aZi%K5>wp3+iyy=gQW9*z_vUj}EC&(!5KsVXwsnsWT|H*28b~$8*HFncOPoi6
z6gfav<W)MQrF}&zGsY?{U8z@>GPVwH(C>`hDv336l3BNPC#9bSZM=?tGI#zEpA2{R
zzHgDq3PtXa5z=bGDuG3y*$3|LW{F`?dWG!8nGRBr%U^#d3E4KNzZ5Aq?>st^GT)}#
zlb@W&?MJ<7?M1zE`&gAm+&fz3nkPpzB4}J@v9{}&A|PH0SK}<DJA^_XDsYpDDXL8a
zCfG85oF#oZ!^ZgCG%>aYz1us~cl!S7>Y{&jI*e9XP!(&Y8E8WCf+*Su4Ke};FD@Mz
zBqwCX)QgQz`J<p$$pw#&-<_i$4o=@657GPK@zE#ly>~UW70Jgm)zu89P`QI-Xoia$
zxo|3Yc*g1}I8TJ}h&?;Mvc(W+=BAc5`8Q)W%L_6k8K<`d737wZJC&0str&?Z%Mks0
zqurs`f3+0+pZinO|E{Mb%}K!{k*AN=$3p#Y_xU$_d%HFLZ~ytTZ@%b%pX2A_$Ntyo
zmd*wsF-h(xm5A3;+Q9LY4A9qoI9mE&_YRH2p-GM)Me;fNrNpU96^-*;+aZ4>@+iwx
z%6NfZJcATA+#ajo^zK|;f<y#9&MH3_<Wez_1(c&rotoh2Y$)4OUD0qW>cQ}Um8fbW
zO?|=~jb_x*rOxPUtB~2_uF_Ci&r`1lo!Dv#{1pHxrKSPpaEc3|V7S9OH%ZxkRT!4I
zmA}&2upE!+2NZ-&$)MS3rA=9x3D#indi4?1hrF2=G!tVK{E3Hu;z11&3jTsoZ`oeV
z;2J%3&j&)Fs>#$x;!Z{VuFZz%S5%NZl}jG{IY7a6@Ib`Qh`^`%!bP^gd0x9fQMSc)
z6<8^^y(vj&5ud8SuC}&%y3n}Ug9$<#py1=j+A{q1ThQ`_u8|Oq=CyBhh*!sFwob47
zMB()y&nwjaQZfN%ABm;{lHWan*qkRSsAKTjt~uCtbp{0Z09vBoegojXBwLUyA;ndm
z252*(u|NTU3k=vGR&k#Jda_j?g<QF%i^z3)hzBoZ^CKw$vW#S6Alc<T7H{#$s~pO!
zZ1JFK?wFD)5Urc=VY_^VE#%h8UTGHUstZbZh3aE{A5%@rgZY`JRUMi2jLpXD0Bc)^
zE}@{0+6FPYhJiB=7oMutWlGS20`eP#kR({kvHgAJnAo;ffSW0jRMSp*YY&0`C0G|;
zyH2|ZrEm>8W<?8jZ%DQdj<4hgE~0Dvr)@>RC<#4vkGWp&SylDb1)3Gij`3-`l(Pw(
zOLMsw`~jN#WT%m4NboJ()k)rK+Q9=0+EyxZo7jh;3*~B_lLjPss90uoJ6FXwMK>?i
z;j!COS8^IHz3LLqT);^ND2Y-tzfk_I=cFI?yu!lreI>)e+bYCZ4%#`M(XS|@P__Z>
ztELMMDKov)9#D$TLv>2|pkN&OW9Rfy?e+Pi{*c?(fOh>seyiu_u-z>gUjqniM)xFb
z8&}K7^dBlCNPVbvcLeoW!$|>_W6?KWuSKaVj~Z*UvJ<kxAxMuJ`PP>DGISjEoZ|cH
zCp5)W+}tpYN|5Gf4YG58AS$i)456%?jYy%e?rvA_bL9;oo4_V)yi=|U=KYnvM$?O=
zFNP`v8GJw#o&3nYsV(?_D#lzIS9{5)sRjn&@fz530K*%1e65%@o6FSv32V5LV=(W2
zMS}f=XQ{(*cK3V?Sh}czS+;yn>g)I9lP#dP5H&Qwy+B2^@aHD^MXxoWbj$2}_tP<^
zDGHJjl4}WFV!tY4MIA4sV1?0G8jF_DSme`K3&=L6Z!g2lxB`*#Ku=4g9vhTr<OxTC
zivJ8MdKD?Rh)@J;$#5}s8)EFD?iQTr!PFRy1E`bHv;cFfp}9wdFej_a+p77e6mEyx
zrr$DOQ61AY<ao_H(9)d63iEJkI4?O?y+1m|MWcJKFD~l0K|>0&GM9$^X=E<L(w2!d
z3j~_`2{PUIuEfBH34(P2aGfEU^lHK~58)k7bd1O^`eDtP#zU*?!E$n;=jT0B(A(Oz
zilA=8A&}aooIP)XcHh=kFs4bNP_z)5;ug?&$&$5=PSv(<3`<wWu20%&y}TRpK_!$r
zxzL|D4{B4TIZU+ig_;}9{a(UmpSJ9k>0AmF{&2iIWA{x)(58Ovp0H9h7{U>OwotGW
zm=RUA#JYqsl~Mr?gE~;%Lgiw*@Y{L**)3zod48c?!VMhfkprmFu=T_QL4Xw?476>L
zE%%M}kJ{Qoo1jKOE(P78@e6VUi7L*+4$B6PG{*$hsPr_h4lkCHSA*8vTmMzo$+~J+
zYb8OfuvD^{spFz~{*`TleyxoCvf+Xym9JM>(bjgKa6x5%OV`tFbid_vWi}AS2%ZI=
z`0+$z($0MF8U<H}7lGSIgE3~qGRc)6Ti`ADmM=RsAiqYz`y(H)GZ&XnWeNGPjh?9S
z9%rJM1LIPEH>5j-SUpYeqrf02@MUip-nE3uiRk*IIe{+GuuDU8$7^<qdZt`ZC82Cu
ziz6UCGTm<}WXWNdNv_=hwOG?a@9q{`VSBYgXru5a-6Z~G8I3QcZ=bdoP&X(nW)-T<
z@6hS$=j4^jaIF$f`X{FMO7*(ntJYpj<(~_G4@zt*)coSM3C>tX0B=TL)Ht<4L57_)
zztK3gFZ9AT`)@~!xhir*OaJz$E?#=#z9;X$JwJPMJv_er;pFi6`t)RYb$q6?{_x%#
zl97VONHC_V!`cvF_)2-Js&BT{ql2S&CujB%5pmR^ET|C1z>!m)lo_barz*J7btUy#
z(m|3G;A*-F4T7Br{uiL&Z-c?#wf87|)BhR`+05R2aFj5WcTDGw7T`)bN?Clv5r#a3
z+lVv$Tvf;c&j4(gkGO-9tP_F)$`KWa<FWFclTx_4BB1=g15^4ZLxJ|vx+AuY1qMxf
zNO?Qd<g(D;*S=^L`n*~pQ{6Mc9TknmvNkhPNN(*t_IuVJT90c$x!Jw`VpML~TeZ*i
zp-=${yE(ZxmOy_Jps4wc9A`x*wF@N`>~pFK%!9hs1m#m*<+<rUcY6#QCrMaifnh@w
z_l26q;<}=l3%>ug{?(*f#%M%!x#%g5Z@|&pBtlQ`@SN*A8M#LT&eOnT`?CRz8X#;P
zxuvg8O?Whq(201eoK17aIV5w|#qlt@#RbLs3C<9MfGEg9t0C&Ewu<s+ETLmB5xM$^
z8?Q&mwVTej5l&UTcMYi}1?`li`aimY@cyfp-yoVLs=O`iM3WyhLMJNY;dZauXF742
z#9&75%<v%?jNCcloeD9kSS_U3g>e^jLNlD2oMd{xKK}l5X+wYK3~gYk69~q6qn5h%
zW!J{4z6(6?e}H{2QvP|jebwOucD){pR+Qz)Yu)^c{=sO5f^8IRIbf7&W;2xoaY1aM
z9j|jA{%aJl@i=H1PFw4R*WK!rKfk=Xes^#&)M7#J!ij|z_y+crx&7XRJOo~R&=$fR
zQv2az0#)L5)iY5R8LxMtBGIw1vEUuzgXDPEGn{izf{;(&;k*`yvhWOb>>DeXHyUJQ
zd#otPKB_#^lEI&nK+>ytvEMX!Z250I>3(aga~<1{mX>4W0Yk0n`&-_N<pZs+i@O7C
z-yOtX|7ba(4zDhc58nAQY?rAT^tjVcEQ7YGlP&wU<J?&N)bKyKFW+9mwb$p_Ab<bF
zO8DUH&B@tcwf=164Jk^zKf2KA2yk@@qeKOyOeq(vpfOHSK`^&L|N7^=5s^eWN=lrD
zd0FI)lWpK95GNy#adWjH`HxPaV)C1EhVF<9d(4WMj?%d<HL7HYYJgA&2TN(m1#Glj
zRUp%#UgcfpE_5|&ZpwC&#5fn3H0efSvU)SPDVr4dce*4`RZ#fq@FJ><CG9o}Z{?Z>
zi<OUQSBluw48?W@yJD-}m;GW3tWZH+X7Def*EptEmjuw(@A%k$lr!5VJJ1xqd2;b*
zNhE)+h&N`l5!>owjUMtELuliPX?=A}*Ohl8oGOOv*i)qY1ksEL#tha&M^3FwNSe%k
zMP){RK~2;)hom7c!Lwai)a7D%3F3?1vL;l{2tg{Y!0`!8D394KDdrtG2N1*C*zvT}
z)!mNFm#)`xGhVdO+HuuvfNGI|p1=qWa%wo);C0J)^+w&_pJ_+Fr7$Av-KPOfNJa`Q
z$iXTD>T2wZMc~}g)wDixcR&gPIC)r7UVRN3=yHQkSNObZ#1N9JV@FNQ9>OZ2373Nx
z6k?wjii(~1sEHEIReilA;v&!!QQ7l7#^`zoRcDJ$xD(t1scN~V*c1!22!TpxYhb&*
zC|ZEpk<hqZb*#ml%x+0>$Ywb%2nzlS?M1JoWLP_-RH;OIOSGFruwb-MSlif)n>6`G
zO{QWqwS;q-Q*03F=m{=|1teMK5jr9Q%8Mbno{u@u26|c?vQ;njOK0s{)zM52e2rC=
zD={lY3B}XNhd3=E5>`Tq!RbTNj%_Ru%VH9tCSGmzRIKuHAsvrpGBsEyF#V~rh8YiR
zXQa)G55oW}uNKMj+Q?nKbxy&WAGVj(!rgz>zU|9(cDm{$@{hikeYG%$IC~1k;nAdl
zrHAi5RqSnPu(^K_gE`STj^AINZcE{MObQU2R4Pb$AegPO=r}%=(B5C32EJt1nFs)y
z8OtRM1-v;wer)-q<I3B3pDoBkU^-dc$0An=yP6F!uU@@+g*HHAgQOA})5z57+W!Ep
z#$hEki@_Z$Zcv#)_361*__`<Y8uAS^@+~;Hgckp!c6fD4ymIZUY<iXTM)^g#c7V<h
z2R~-PjdN)+sdP9()V4~eZ_DC2z0v0~l(@<Bg5?F3f10aIN!4EMHx2zMw>a=r;-1tQ
za*jlSDOADbDdtncE8{lg$g`O#ut1WdiK+yNQeV}bSdV6cq$!<{Or$E88W4e&vZ>&R
z-DRo|RFDZSq~@#ZoBP7D=DP}dPnAy+1y<j7M%dQY>wS?nmdlDTW-}U(Q|&@({cHVb
zs(#S6h)C~}wPAEF@Kr}t7Nl=5i8!65)SK-o+?votoiKM~G-d3j3rog$T7B`O`k*7U
zsFvlZ`YbdZwcH=qCt@T>mGTzI!eph;anug$5Db;MwR)HXQssD3wvJ8`sGx*-IZ7#?
zhMwoCG9DJ}!`w#O4Qk4@!(&wnt43^IWi|Bxy+)fz<msZX{Ug_<gU#CcyX4&7bPjk&
z;?}M^-9dC{YpXtNCrM3r0A%x^hRS-O3B;Euc@014;QiHk_~!WR_yDXxQ@`@y>i7s9
zpZ#!hd4Bfp`0NV(aBz8Y@a^gGP`A~qs8$7+f*ohKHB)EJ%w!q`hv#Qkm*=Oa$CuZR
zZ^6~+@Ot?6<l_2=<I9upehO6fnw244y#My}Wca=DcxbM|BJ%Rrc1cesXKyZ#hr{c`
z(}Uq~q0sCEDXk9v`1JVj>g4?F`s666NDEx~npwQUl;DIEN?luNAY1jjh0d=eONUBu
zn#cH}yl<5DOwyInd=20lkZ;CYf+|Tk!=c30kH_DBe}4W}-w^~23)Pdlg=+PI<!zTB
zo*R*IAp*-_H{?4k;;GFN!MD)P)>cz%?wst82UmyRU!NVkJ04yf0D-UERb|i&S|-xu
z0&+jXS$=qa_T9;w_m>BfApMQM0s$?tPp!)!hCduO*kfg2tFdQ4fOws5Ks9LVrcxZD
z1$Sagx0KYzl(LXgss6U@s<oKr;pxfo+12&o@#WR^cPFRE0Sfv=#C;V&!uzV)A<k(S
zlS1^NYa<OmsK>X*Kdsu~4Vl-C;BA!m_WbPZ`0#3#gJ&tOZ&V)AR<HMefi35)PK(Ot
zS^PUT<49h1j~!hzBCPRcW#WVL9!v~N7c=NGvgme;jq0XR{Yb71mfZs=RN3`61uOHD
zBQLM`ibJ=9tiy6|sIJlC-6(g-_3)>&!|UTSxjBy7#HAHLT)scMI(c_|{pRxg{RK!I
zi$=E&<b$IlDJ3~au~FL=%POXOoYU{MUgn7`PejTONi9u*;ygEGUXZcP;-bW6J0JNS
za9sKIunMjVfHwt(Eqa2WNWpvk6Lcki+gcl`HFh6V*mwY>x5qyPcB-}81T!OD54ySE
zSL^Nc<nZ`xcyjiplU!@ji*1L)`{D6rI6PkYba+y7Qq;AQk1fG?i@62KZk_3tc}^fO
zP5lD#dJgVyF}yS+@1Oz<v+AQ(Rlp1uK)|Tl%?u7g4&M*2&fft_v`&Jm4p+vK%5<YO
z^@pQNfjeFYX%!M0W6_^3!H31jyW`6@$LQef2wfhZ9VsNBZ%@w;-?mMh&GM88qUQ`A
zI8w8|E2tn9Jy$E!7@ZkWEn|~PD0M8AY_Aimo_Fi&vacg}ko>^Xaz^;F>^#jc%s$e=
z{cC-*Qa-C&cVr>zN?g@Qu}#MGLzqw~sXNQX{D|r}2TuP<PU(#50F>r{)wf5qh-_1|
zPTyjduivSd<&7Rcy1_WEth6BYaw!;;s~9%30&RKeiI?VFS}p03lJB~4)0v$ps<v$Z
zYjmVswcflvu4Gc>1$w(1?LCWjpNEqh679a)+1WyO1ZBk3RspkeUXajSqUE>{#+s;M
zA<WSoNx}1aNQf>yBuAN`gvF&Tqym{2Kw3vLmXu(y#sYm$(iuufPO^j}mT9jHN2nk4
zTK&!6L0#z?%@W>M?KgBHq4181siaap>d?%(htQ=S8T1N{>VuV>*`K}K-KhnE)HIL(
z`Fc0n+lh9<od89LIL9NJQb7ri-j*XH(%bZc04OimKR_GMbPPe!w(eKU>Q<==$cLP&
z>w_VQS(fktdiG-H8~a`*s!(~S6u8)wP^o}G=6*N9%MF<iP>iMc)JS?!d#vM9%Ml3+
z#zg464pGAHvO8QP2Nx#`dIKZ!B^mqaLTYIV+*j~{E-s_<6I3SI#(>>7zHfuBHLj5E
zCu>-9hk3Ko_^XiKwhT=aH_)pa)o0c*tA@Dc_|$CHDDmLpMB|o6-(!vfsn**{$dG$0
zKvjx2`Ie4V{Dx=psU2coI~^hC3YZQDTX?IXKLumM;$>PLOcOD!qgK}h_ZYJ(a`wOx
zJ3v+(ub)$Xjqxgz&I8Bm0O=kt$pk6#g8ItF!bQ;aU+=LB@a2P-!GY4fxBS^E0iq>G
zrmb*b-rZp;PG)#Qs#ohsJ|oPhp@b2RSrM9!dZ^CW9|{hcORaY-Ap^AY&GYB=X={IZ
zGiNAl1uhf12AVrBRWlNrKy0=8waPQmHF_`WqjAtLM+q$;hL#du!(NoF2eW-e+oz`O
zq3g_R0S!K6YO8{6)xtX@-Zo8H6DY(++x>hS$s>0p1wja4a_x^#R3=rG*yRxNYYtwc
zO`JHp!%Mbm7YY4}QgG;<(G2Zwbu`y`JXdO~K-b#V{J$rnZOFS#ztZ4fHlmY~l{L4G
zfpYNIv6F1vo>JD%a=ZP#n%1`GdD=FY7-wh%HD#ipemkPP*;{8*C)l=RxS`Sly=d3P
z3$}QZt?+HTGgaGqFD3eA-_~Wn6}e?cuHmRNB}Mm!TkKR^FJH6X?X6i{?F7<x0Iq*K
z?3~Gw_14w%?m+*VP&+cBInKw6#qy=zFyRfE=a?4twQ8Q<tUym%-2c>#o-@wwMlt@j
z1V!0d4=o@;gD}STKBen$>JBT~qNm2GEI_VN&wbuFRF?0prRQU<_UYrD$SvIrn`iKY
zkH)3DbI~>L@;%)k2y>IVst#KBEsnigh@f?aTCII?b4rJ#(3J5GO1im<-M<PcZh_hE
zd*~iQ1;NRAmd<q<`1-b3!z>Gvui0ih8r99QOPZ}=fprIQKQpY0IobGHz3s1SS#{ya
zC;v9aggR-tgYE0K{m*MHSU4nTx$=M>#~iS5K+tm0fc|y*{$fNz)5gHtfBmCrF<o-M
ztHpc@oo@}LqQRL|yZ%x!dYN!$<*t?Fw}rx4oq%dB`pZuoUtsB!yBxu*>#SQz@M^cY
z00mpP?)7z_<pQwZ*Iz2%4c};C2f56);SBxbN4H0K+k&apjT~(q)Ptg`{x+?Tzs*+(
zP_{Zpa!;$zzX4{~LadYCd?h5VryDFBROC(C@x|ojs6vJQLnmZ(->kaIT}s8jU~o%h
zL`_&WGUUl@eoDEpasI&w_+S#O%qwgVhK5uH;p+!3VYWs1E#5HZh*}?hZCpBSK;`tj
zf`o5v+R4ZlsGS!*gusEaMbMZKaY=G^g`FZ%&{i!V{CZKQshh;oZ5HMBrBzGIf{OW}
zsy(K%JJ(%0Y$V{&Z{5s6PO@8@AlmmH&29roP;Wlit4OZV^1Fh~0{4`c59;4Sc9^U4
zqjR0-L@E@>Bn?IsygebV5Erb>lD2#Fw~{eJQ95pJ()V6HR~MRROlTK?I|xETxR`JV
z(<L}TY>Z+yn@Pb15~>J>`WX}bY5)+LC2*GDB2nvtNG6JT&S)lVsuc-zfc}Pp{)lG%
z5$4li8wFu3|Env$gHJSMzqvj-IDU72_L^lTedh6ZCx3nY^Xx|IPAE)%R?pua|8(j2
zz`bVU@n2Ax37P_jSC!rWf)a*EJZ0#qBt4o<z_%e8J^c&fDIq!9l}$487xNLzgTMC>
za&^M?wf42fs6A7?|4FCf+jK=~f-{u{>~L!2Yu_(SY6|pJcXBrQ$uhl!;IIafk4};D
zNM)EcpAMB5i3&#EMiAt!a+OJP+SZ2U>S-kK1hoeeH+`-Rhv|QfzSUJpA&S$4npbL$
zBwAj%)Z9@qMf-@8iA17`E0-eoGxT-eg^IaxgGm_S+pforsZ3^btO4nd<|^<q1{(5#
zjcLJU7q(Z(0Si7Ul(Woj-G)L>nJCDFe0YaNJVn9(_qUz!)!+XddH)290KnJZ(JZ;o
z$F%_VMJ-)3kN?#Zxy({s^Gfg)B$;9n01<4hKVb=Ttx5VH)F)PZ+hVg?e7ZRSWA@DO
zkGW=OS=%A>kRu3KsyfCNUn~?8{#z|w&{D5cI0WFU(3H+-h)%UX8dVeS83<RqOo3C%
z3(;Tq$|HBvhc8Yg-xkaAKVPFg6@B*zfg+(d#dt<UL1W%F$K9R1=g*gq*@99b!CjE{
zTOnyF#=y8ZKZ1BTXbXH_$|J@vtm!A#;Um`NAJ)<nMBaU(?v#60^9b$;-;EIZ75Q@4
zGJ&lXk{027>2EDDx1D(IC-}l)pHMFM*CoLT%?Q`|k*73CNG8v2IM4(`Nx^cJzYj8f
z%QKc1B%Q-)CQo2ETQN$=sGLkphGg*JR4F8=I+Tg_G?fQy_Eeyh2*`F}N;wNB=im2N
zR~IIMxB{Qe5ff7b9bQ3A9(6m9)71NBToCe49p+Sx4CNT40+tiyCZN+H4)tUk7!eE|
zoc*Myq2F?oSa3wRlU}u6ilKAeP@n-_00`@+QJ7xgdD|h-Bmw`MioWz&kkVVSCPeR(
z8bFW3I8x_oBdvr`e~`XF{kW%uu|fL=Jqsdq50k~Fls|?ydWC@dc+0vty2VAmC^KvL
z^vhjqSXv@pg1&nxJk4#hSa)9K4z;0wcS>`9^qG9^9YpH&TQau?QJXmrDNkYfP?Z~N
z39EU}72msHi4_BpE`+W}lOUQQof{s!?^UY0_a{eE_s|TpGtF~ipxWx{+D_$I!)pSi
z-pfm+-Hcr)n9Nvq?IgNrMCs^L)RBQ38huZn^8<B>(SoL{DUnhMEm#IRuug!VW6qUs
zCY8Xys6$HUv5(n|AUqbNkcR^#$gv{>?TyO+bCQnbxu;U-j#;5{`rr|}h3eE$%dRVl
z_T%OE_}G=*L%nH<8V4kvzCXCWI5>QJ@aFjX;^6B0KwG^3J4#FZ7xinOW>mo6e+gCq
zscMoO93CDIhu5d)ZzRZs-1fOhSn2p7ECHZ%Nq50PBg|>M0yGs2|A65PuMV!>4}AzW
zz55CiIljC+zpV94ieg<v+#ig>!2Q412v`VU`KjBI^0ceNw<m`Z$61Ft7^FGxPS6Fq
zAftEd`$hS@8^^X&49sTewso8A6>Dc|l-88pga;;v`R?8~kdS3pWij9Vdm{_T3fOZC
z05w$0w7WP%HD4)PwBNF}-p?*ePvLNDogZX)s&fbF$Yy7?*9PQ7S)Y7&a(HlMvs~0~
zd29JJ8g%9T@rj*ceA-&cH^w&dpD)kD186%ueLuW9zPx^Sbvg`Ckl)Z1@ohdF9$)@&
zd<n{Ruz0{Ro6T5uR?p(Qw1>k39V;Jnd+?|*sx^nc6za;ERvKVcO#TwkEjd-%^Uy4C
zLRx8Luphc6t2~a@o2miWIn4^_{U+%<Hmx)!XX|%ORrxZlH&q{O=Y%WJ&V(CtZ1<H?
zW~CKI@#g)>y(YLe@cT@2X$_R6I9N#azR%c-GrKsyygE3&KDbzdH|;F8F5+6ickhU*
z3lDXxb+L5iA2x%P*1l^7-HYFLdiqXVCTnP0T9ReND$(AS>#HpjX=|^`QU<zu0`ztA
z(7qZ7St8>vk=DFqms<{0Rn0{erSNMmeQZmz*&>6BI3GGd+Nyeam3mr+f*Set8c>6v
zE)@GCe{Bnx)Lzsfb!GN+e|M%`Ciz9z%**6{GdD0hCtnAA|H;=NtulEJ1SBx`VLBC4
zT!h)Ih+gw8wBuDV@PWUs>A~JGx|K<%L{w0NxO}^4U3A6$qOPvCTKQ7vj#$J(p+s7v
zTc;FS%l25E7Z|~E#o1{QvweD9r|+ug++u^t>Zi?v;5cW%BMe7QYoQTi^;taxOf{*+
z7L}F3tVk~Uc(1Xo+S~SndgY<4dra4QU7W4cy*F{l`<4n^udBagz(1T^9e^6#Ql@eF
z0-9}lb$ojK?)d6*<>Om#SV2-UBchmhW%zX_*9@UpQPiuMR8}YLRYegP*owvnX9KPU
z9_Q5JsDUMonht_peZt?L53lMSTc|eUypPE4VThDhLs)$f7nkQ(=ZEKV*}%=RzH)Bt
z>;vF7z_u3Q@5VOH>BA6yA6dT9b+dw8eFrbxQ^g3!Ywf7xv+vF?509@ezdbly$5iPY
zU+=HJ4?4#J3dHrKq}RCgq8$Rb<Ot={ps^2ZJ^a<6y0Erti#93gK`Ew(EE}(yLUXlV
zuVa>tuXR+EPO90`qEUx%MU-A2o}Yae_~UOOjU^Tu7&j+ypYIL0fux~o^cZ+*>#u<z
zx6yrYG(1*G*DEx+GkDM@;xnfv&Pt}lcUKqJ@6He3`p52SY~%Rd!O7|H`n${XcdaOe
z(I`G~O=g&;{2F|W@6pHQ@x|#+*H`DO_EV5NonH&K4og^RI*JU|o{iVT^2vC;tTz`}
zQMbG9UgUqS-LBT?!9Sl{A<I*GoiR(+arM*1@v;F+{v_u4iuV`*dpJB@0+sW04S13`
zmjDDe)HOzUb#QqFw?Lb}l+1AtY9Fn@g%D}&%w50}B+}HUB`1aJ%d*Pg-Vcv2{VS#w
z;Me$~e0hO6zhg!605)CgE!Plh%-VamI*(RsdoUdScz$^l)W+P+m|M#?E@QS?TSEUu
z>!@=`o0)o~mD2bDIITg}IMh#r6}1VKqx$&z=-}!gP$O#2ulik8!9LCsli2jQitx}r
zs>Uz1wO~Or=i4fllsB4hHB3bom=p58l7af-O^q2iuuQoraFusnxN!5yx|?FfvFlZ=
zZGu&%Q_;UOxX_LMP%-fB;p%2Q!D{QFkQY4Pf3_F21!#VXIQox&oSXw6SIIcA5XVQy
zho=XZ2UjOQ9AB$?Gyw{{oB%*Z^I7WKj62q%7JXXbvvZA4-@iFIYcbE7_}XZz-tWIA
zb-kCUUQSiVRd5tsr)(0yXN?0FO!QJ3IUfVWEfkCxOB-j7U(G~P=AXDKSzK~cj1fI$
z<MC5)%~zh}5&DseDJum6nSgJjpAO!gsv2@JBZYRZS8nWrA&g|-1ZUtS0|9i<wjfZe
zp9*&p|4;YLp}C7$D_K9R_NPtLzg|xMbqU}RQt$sxbM8M<vi<(oy*Kn$MP5*Fp~b~q
zp5M2)ppsr+D@x2UE%-K4pb@SDl#twGaHvPUW6$kZeb1pFF=vG!3BqYU#UmnUjMKEM
zLcBBl>Lv$PTrO<&Os)G3nRD<Kmt7o4_?CTXTFBEfzCn?O@vDyX44qabxstkvL->EX
z3f$E;{JLrz%y9lUwZ;DqF*9Qv6ZG-7pq?^9$02D)ZGh>77PTC~ZYQdPzzJ+{BQ33;
zdtjscT6(T`>Gs%~$WHrrSDz~7rR5xX1Q4BWf$gaXDoG@4OGsd|?;1|-1aDMXgUgJL
zDM@tLR!f6|<cw3niuu<1!Cw|k4NXcqHU>w*fXxFxSHWRA%>G{K6g>T9QGi)B$9i^!
z&U6U1(1AxyjDSpP0!S=iatie2D6h?0!e0@e2B<Bh|KVAm{a6~W>lFg_XLO>%(^ik&
zuhDiw@`A)V=_W2RsU>;Wo93bCb)w$sqffU`{LxkH?59=U5c_EJuE05Zxl>6nKOS73
zot(WHKuI;zu<lW@2xRbov;W)BftxdN+(4>tjk|<j0?PlQ^^)I1rn^gAFO}Ms*Kax=
z+jP1WAFy9|kDwa4a6as;gbahL;<7HkJvh8%@^ECO$V&l5_5~I+Rx8ZLNH#%5DcfvH
zP7%QGfjVk?Y>Y6H5D+WSp}Osqe{QLG8J%plqrNi2ajYXI#gz2k+F?~S5kelboFo<b
zBPvvu2Eov%q^TA~y+qDYuXiXrfQagJzOCwL!}%{iQQ0U4J&A@`r053Z82V3woIEFx
z0IEV%OMTbA>a$;raQxo|8NZ%knms1azAnsH0q=d!?#L}EU`7RGY{?k9!*hv^iK$`^
zX;ku*3N#|(j*txLYiO0g!k{+k6>{A;5nNS_rmCdBO70S&_j!U<I4@vN*V5yNlN=Z7
zjnp1A?4DU6Q~*8EOsy&{%m-C0RcCNijW89VxjswHc=~72-s2UA3=z&LRMpcw-6tyv
zdisl8$vQ(0A>oS>h)E_OazGvuq!{V<6C&VWxvk(Ar~~`BJ@#$jeoMzW^e2B)MZjBv
zRlye0hT`4FL9xBdM##~C7297N2_KCK7G*)M<(A-EP_lEP!(_k1F;2*9QIsTTUqzb5
z<p>LAy-u7Bw-m+N&^Cr%?zyOsIDm()aqId%R!WM8Z=o_*?t!_K2tU&%s`vQ`P`nrI
zKGGg~3^v6wUP|>IAbb`!<@Na3`28=5-cL!wLC~BQ$r4CQR+~l*Z_eOXgL+FEAXP}e
zgPfHhWvs!imaS<Un4Bf|q>wgfIx)b*hoyPqqYh0$T#q;(urD+T#wq4p%11LINWnjo
z*r500=k4sXp;o@r=>0tSw4Hs{De7B}&oM!h3HNhNPsI6WTR^w3&o;p_`Fs;}`+DF6
z$p=9)Q+czUq1|^rD}i2LbWp+Vn@eK4wWb|qMCg*E(alS)qPyX)U@zEu5RefOc=v%Y
zf~__&qVtO;8g<iU3#75PV6E=a=faiiBDXdAnF^5?tQ7Ypzk7A{sV7yCF)2tElSzRa
za^WYKS*^d$={=+m5r3|AvORt3WfCd>TvIYVed;Nd$>&-n+ta6>(xk}a&orm1s|V}4
zOU?^tFmU^u;WWC*uvB`Zgxs3rYq!HPw&e3iKjiP<-@OsJXbfHJ_jt2h+QS0{vV`)O
z-I8M7*^@O?q$?}Ti%f;TA2XKrA^j}+kLl}vRJih0oO6Npd%Ka-knVXOx5{;o8S84d
zKEEG2yv1dDU)k(FJv|;LT+@!D*5@-?9sC~erTewp;y<Oa80WN7WjndDy0|kBVOLP0
zmEV=j$zOEaRy`BUsh>l_^SZm2=-O(vH<$CPAJh*QbJoGxVy_om3dUoc(rnVGzOjNZ
z>wMn7-O~;@{zK0%W<7Y4OxuCNn+kHH!S14yypcUOrSbeevsYi*{e;v={ipsQo4()r
z47KUfr}&m29|StMIEezZwZvDb)fe_EPa6r)#5^Y_ymAqZl%KBg2+mXUBr++A-B>5>
zxoMhi>b54K@K*a*tJGoD#C@NYXlGCWq3zXLG`Wa@c6HFQ^wkmLzh8|;ArTJLlo8a;
zUGJoZg*H`Ed&iZ%mOtLbt2~Vwm$T2JXX_oe`f%M`t;~AsZSW&Whg+>788zHQQz7y<
zM5qdTfj$fR5>0b2RHNb7-wp=_5>Q|vwWnjN|GsG)yM3S?35n_{sg;wgmnLR&B2<2;
z2y#LJ(W!<i;lA-d^;~H~KX9?>fa(7J)t8^o`2)^})&;Lw&;aUkJ+P0Rot>Q*`}^?k
z&dyHl-`#KapFjU<cmKt+z5V^&7rXmk?d-mIzW2>nXy=jUxbUas0vBKHJh-p=<o+N(
zA6wE7uTd&vh4@HwcEqF*hopcwnZP+y<ny;=-gt~#8{=lvT1u!DM(<=AjkM{bs!17V
zUZ@R^{=_4G8wY5!7Dix#ZEtZ(6VP2X`~XF0tI^y_@#?iRCE4GEWQPZ;Wms*(7zgOt
zi|0E&wsiX;on#~dEXhG<Qse_`(33dZQlClSVPgSatKTE|qp=R=?OPpq=B|c(hwI;A
z^A)z=m^Z5KD)`c;jNOzu3T}4;6sYHo!`Ma9RwcjwiH8-ALtBsqhc{%NV_G!exM9g#
zTmBS3<&f4K4;_0$YFVev(Tn|r#AtH@5r4KV1R0~iWPh#CQ7y;{AK#F<`>}6DsMfDR
z1vSuk`KWN~n3^AUk4XP|L$hRne$dFzCVI~ux;7*mSg}MCH2bU|6Uv3LKUv{kcIVav
zThiW(I$PsAUr_(;x1OmoCUx!=<A*9@<oY8Z+O{t}J_Mpzibo^`4Zkf~N{;3fT6C8n
zU8~Fz&N8M7c<B^r&Vzv;I%K0}OR}V#;L=VI#QUl8IX3nWlu8@@*PQ}MZ*V^7h1F_a
zl3Pmd3`r>i36zafr3Ms54(h489^sgh5KYwun9AtIKFMOcKU-AkmV_;94#1XqSTKM`
z0{yWwBc1$HAG-ssKP@Rz)qXl#?Q6}QGR8D53({5_Z~2tHj}^Qb7V*?TJN~7lw>TwG
z21`v#yT(RwLFAsJIOWcSmc|WytXD}{VU%{#Ly|(Fc{S3;<BG6bbiVzL?X>P-1f3C9
z%5#fliQdTmGdHf+>yC~7L1N*L7SMhCAum++GtKfsRb4BnP}i^U9cV&Ph5lGEK*8|`
z$^{2IZJCnFz+c%}ts&Q~DQVy6(vr4xpnY+8d3<nntp9j_ab*7R47AAenC3Jg$6&(X
z19ZkR@`XWtVNm}92BmM~zA&fNnA7@{KBlRFn#~g3kHF#dLXn01&EKGF_s8xsQ)ShG
zf5yZ~rk|?nduFGEXiCyq9aq0kCacKb5xXPhyzqs>KR2;FHp^?SHtIZ5(cc1dQS<jD
zq`JV#p_PE2e*N^J6kHGLLA4N(McxoQ(f(sOLpX!+okdm*l6?7iei_wJDrdgW9}U||
zA5WilQo`--gGs@L#;qEd`iSxKt<!CDL};1)W6j_7-E0}nA|H>gHBnwNPpb#O2cCXD
zBC@!t$)68ElM@Sq{O}2{k1zVezo-5XhM{M;yxrC2R-IH~CClXUaeYqn<b9~Z%s_RF
zysU~#%hNA|)-gi8{yZnKoGB!5t-QZ%8G2|hUk=dz{xkJg!32w0IzU&47w|;jVnW0P
zw5q=24asp$MB+S;{Nn8~o8>GcnHb2Ik9--ofEcA<{xB<f%Po>mn4g+5#XKhi<fBuh
zyk};FkiJG~<9}vF^o2>S$y+i<pAUh*OYF7c&RnZ0HKq-9`s%Fn?&)8BS^o)sYW^SY
zW_$$C5B0Oy|6}LHv;A*s{vXeuy?Fk`|KoG~eEjq^uGI}NBqF2nVb!XoHhaw#uJfBf
z@};x3<m8QP>MMhE7}P=^fVF_STx@dzgIg2qBxNI<o^W20qN55og_rjMtKEecLXX`x
z_vvI<f`O<5JXde;1Nfq#w^)$3WZnTgw++?<uXCdsw79My@c#fsmn0>alStLbKb+!1
zsNVxl(lG~rolq@I&|a=_K~Zei!K1N*W+fNzNHHO3Q~r8HNPfujdG~xe_APYThL>iq
zffj7lHdNJ$9H%Ug)}60|HdxJc>`RK`*XrSQSG(N$Ja|*%xfkNpr;m)e6)MSp9=ymd
z?}rxo<>$bPW@W44#XqT<O&$+(COhYSaHqe0OzgS8dw${`uokVODKuy;#6d*6DiWDP
zUTPllZ)cJXLjrv8|Fie*-)-C2{^;-eD{!5jRXfL`^{^z{cV_NN?X>ktoBHb{Gxw~l
zSrJ4+5^9Rz5TtEQ&$)m5UDz7{!G~n{5zlnS`k{>_5^wDH{%reqyMp1c+`2+x^lo(e
zy!RYJS4~dCM2n<+tNa@W5+zdoQHyRe)t&?Mv-_g8oPvL4bC6QT5_a<)n~RK{km0zu
z?5%oIb*ViKCuGnszeTM03VS6)|JC#;na5fjOC<_%g`MBkV)fy>99GbNja?H`e$i~-
zdDvsn7x!tp@ru{zn{pB%C;(itId)Q>_v*u1$Jdv|{i!w??$tPNX|=Vv79sGiwp(8D
z9=$8d`t{ScK2Fokw32^K&HZUUb^RYWKo{%uJe39D4*kF18~5t^|G4*}|3Ay8CK*L6
zjm3J!l048^U=^Y0Yt_awWo(^-7#m7qZ7F@_wzjS6RV_NZ6i7@bUY5~H%T+V!v${CU
zIIna~trPM;DC}&l`_)<j!snm===1vWdD>5t{_9KJ&1N+0S`YDKc)=a{f4$+LU#0(p
zUVl7(q5seEaqPdF={Z!YM#O24-0N<Qz+ye{B43J(|Gl0wgQWLT#D31@e;}dV9NgtZ
zBGw`*%D}G`O{M)x<7e0740U9Ti}vB5Z|DdOjll7kA($tuPO3hy$Qc?q0kmo758y54
zBI)wzPu)M*VBVNY`KKNG&W}v#ojZSkyv1h3Z#QN%Vp%s?@Z|PS-9O;}%hx|Hxg<-9
zI8ltyh^9G<)PY=!f`m)ZlNryKEF%^U+rE9XWC@9Bk%UWKk%T}8EdvS4Rk~xSTjK}K
zH)<7(Nx=8voz2^c|8@{oAG5o)9yCz=hNz^cM#;bT;9bQ0*43$K)vw5RY{3)q?);Pt
zf?I-nMpBmPpn}%;E@uR|ULuQl;!>h}++DEnZ@HTKDFn#DKW;P(Rb@jOyRJz?<=KeE
z>>)?ORt(s59O~WOvwa6?zjYbvMnF#%@EuPgo-F?9If00owoaH;+cL$Du~7h%^PZ5l
zp&8&aHw^1d7>XjvtHzP`C@lTxdv~Gkxm3T|g1`v;v5^eGF@JBl*B<G$*@Hcff`d<3
zISP*o1oK>W&E*>f4qJ;*nIe|k9<2fxwuaf=Z%H0?NuK}IyPNs@Jp3*k6<Y4S@4y3h
z`w=Jqn}?kIZ;UL{MoI5~Exvigv>$f5YZG|%a@A-5l?i@j_+R1de{<in|4q&6^Djxn
zUnukMo-)7ShduUFxBmeGtu^~~9SqusTLACy{|x)%aozqmI()(ZdX^7_mheR8G>%U%
z&j8bLPF*ZfJ}0|ND&Mj7X1Ry#I88V;k`G>!x3_7`L!QTLB3ZsqmLd@uxmnVjU9;?4
z2_Y@Ix_DzS+aO=u=PHHjoz8z^3mUF%S@R`LqL?R(fSg{Q5#0dLM#3fel8F2Z(N@fT
zGAnWdjnj+~8Uu18Ni!x{VpMxDo2s8Nz9k~FHOZG;l1v8zqJc~QrCz?~qLA@geZ^Ts
z1Qyr*!yxFHL7Jw$CJyyYRWHoWQ5(%}L=i{Yet^>u2`SP=MkBUw`nXy0aH$^+sSIhv
z%qujG36)ZWoaQVdr<YPsrbyUr%0l&JETkl2UQKOPD><W)?L!J&k}#$Pu0hU{NW#3$
zm?It~-`b&T>mQ)h(uA;EE}^clSw=vt#|1Q<sBYEDx#vhxwhPEKRhwNo)@4%A9RN`+
zsNDzG{ex4Wl9!rDo>>}M1?8-bzyTcF(C!Y|+1&EZ4l+W6w6H0kxKg3qxexkAeEj9?
zmlKk)mAFQ@e**vvIHh1wy<sE~Bo@hnWkeQfDzcnh9ZB+se$XGAHGbe6HH`6-Pqb3X
zozLq7s{^)bf>wPhFoGM|ap0pWXsy4MfUnhPUj#I3Z>|DH1tH<VlEte)E)VpX?t+B1
z*MbXMrH1Od*G5y$ylo{mLjS5IYNMbUcuSpzee%t0oil{_{hr5620z4NMs~t1k_WFr
z9@x<qkZ;TbfMBbRl9r}lyvYCDpPKyV#D6?l`p+Hm-(WHxHu8T4lirK`_Z*+!Y{iJX
zLV)ge{MKO)(^MK*#P$%Qh_aPPBqB_rE_nuDeK3w6ZF<wc**71DmiWB6io_>%wvnb>
zuF{)F!zFHMtAUDGotOjgzYC%7JJ9%!>10Ra@b8ds_WY0(O`vs4uCP;G!97x~&u%(I
zgk((V8&p=1VDy)#qDb=X<E!UM17^)n&hEGEzj>wY42($|;uCuPKI9qA*<#)L$mS_l
zUp{F7HOcxfhX2;H*K4ErA94qNQ2XdsJh@cLQ3WQb_GM)^?t0hFHz4+I>iuwTJ8EE+
z%TSfl8lj3#&s9ql9KMzMSJjyHQCzWPuNs)Rv5i`U%;pCbeJN2q)aR;LQAHN?gI$VG
zc5~H#_gch-k39`WTQjPWCcwnjC3<i)C#lZJFA&o_9WGgTC5zR8jy%REaK_a$+aAv-
zmvk^1%VOm*?e>*0?WZDYp_1mo?SyvQyI+OM`p+}2kg)qOu_L!#4@PDm^kT&Lxi&I`
zq7s-l`6f-ZB(Z7A)lK`U2G&9DvChqAYD?a_7PU1toUQHfmy}>BWS-c>AoVfdY$B1(
zHyWF}y}S1aYE<n}e|Z8brDwZo#zn^SHAFPMuMDa2(+SyerqlN3&K<ozJ;^P*Xu2Wp
z?X1{5aHOeUfnz+HjoFcId#rgR9Ehd6UIiPQeRu0=f~c_|E#kO>YN<Z((?$7<d#!37
z_|1)!*g2(Rc;mKtUZ;9agdT3fbHy(yPgv$eLSgS=%xKn?IgMF2<<?}0lWgGz3zlE9
zRD7h1TJ<A$YIcR%U=Qt@xUh!i;D-fVL?mx6Kd3X>(9GyV^&N*C_IqyIPMlb?wX!s*
zl`^Yuhhnv&Np#}u-cGjKasTXIXY<Mz-@N<f{SRL*F5iBC{{J4NJd)+FEV<ss>{xQW
zh0C=*kJXSI`A2=RsRfkSepWYQE7NtKyK6wLC$f6>>hIKLr;YD5^py=)qeXDMGsnmL
zctd%94rkNN&ELE>>iO<mWZh`is!~1vIx9x_CgxN!S>=xU%M;JVblYhirXJJAAtkbY
zRqa<*vA{mqkcsY`cA|ymN*@NpuSL$b&)W-ow57MOLI3LHew*27(-CmOvuy_(&%z!2
z#$}p3Vj<1i?#=d%Zoar}yC2R`4DZk=2>-e~;|?;Nh%adS`0}+0cFgB2T!%3$htql(
z>~kBZWTE>iTVH`PL133<o~I4#Y6bIUuT7ePC!9grHAlcdXH%VSDi67>HqNH=k|Jx(
z=gqg9x@v!`P60_Pa$)P`*|vsxEFZdr-8`1}SVn-9yXPvZckaE2n_qhJHAFy|)^k|F
zifLU$c*1J|oo@VB(0S<|OL*s7Uug~7&S7;4H?5%eF)TZ}?;_sw7~b{LqnEI%!eMtZ
z&lp{`oiqFe@idgIxoe_Ec0Qh7?2y28y+?LFon7pxvsy%{6$ZKp$g*+8S{B@6eSMbm
zA*-j}Gk<vq;?<QbqV&RRF^eeumtL0o9mSHl?SxMMw&j}IGVWW}rllkQTk5`bk9&Ie
zYfnz>beC<^uC|Wthfh7?P4Jw~?!A`xBzbqf_2esQP{-PqvW7_3x|aGG@5OZc^IuK(
zt$Qrz-LE~xdTs{&yKC_c99b(tFh6cvef^Br%2zt`U;4^x_gH(6_n!PPn?BnP^F5Z+
z`!Kux-G4>zd6@5h?dfGoM7L}g%qz&3?UFe>;wMx(J>5gBbl$p;V0q_jUuz{>#dF_<
z^q0`f&hEXI_m$D_dh08#Bu)9YW2t_=dqHW+@3Ee?%lodWeevGwddHhzacwsrRPUv|
z=W#W?K4f(tbZED~__YMBoW*R#@~mA|Z#?87dgb?(y{bdFw-8o+{r=LJ&-;&F{n}TL
zcY{@JtIanH$uh_uV9}qejWlfSTO5}(;t7-TA`>&#k~fMbicqXln)6xAF3k%#*49R2
ze$A?FHY~}`1DjfDYByP4r1*+!qIbS;>#OqKmab~s_c)Jk*`Uq@OCloX<ef+s<z<1e
znQBgnYet<zUWnt4FyFL|$UfclSpC+lxa4$`i&Vs7vHp;%qi`w`nP-$IZZyHhN7@Fm
zxxG6_w$a_vJo>4K%(FIHsntVLn{6VZT6IbFaldVwQ{^p>Y2++hX^@>CG8(cAmT?ia
zg@bN=a^sH0rpTGQM{!yCtZi4ycRVJ5G-*rJuYRDu=(S{_?bNFE?cbg;QKpvv!EW=6
z{!9}-XEJ{(0N6Y7e|!C2E&sPa?u~~p`5({m`R%uw5gAUvFPP*{Y!VmA)0pg<3$<qe
zB3|;je(#^!{a>c^2@}8c=Pvx`@nBTD|HJX&3;y%7eCh&Mdk&79*42=Xop(yGKw`7D
zeiRx1yAt=}3lY81&$6r~Z)@kSc=4U*&D^p@A=H3BLQzEvO5c{~Ml2k?lc`3?y`~2V
zF)bNP?#4LJ;2c-<_U@O;XYi#hJ3nJfdd-b=X#Q%}MA-J~-POqX+^7MP>^N;4Tn`#>
zl<j9stLI9q<)QQ%pMG}3@NA?rme4%C`1C2~vBuB2U|GnL+(cltwZ8o|@;?^w;HcMF
zl;@QC%1@2{S8!gR3IBg^*pUB5<Izk0@3VYBGuOz!Bo~lm2_6rgEYuAx5{&@CA|f&k
z9~u!+<dR2BLwhV~rZHT8L(BrWy5}zbZ5yo2-JzisNQd1!&^j8$yAQ7W2ksyoBnQ>x
z4bPV)UPas6J7lNwKH1p{gX=unh8bZ%bnZr(DBod!Bj2<DO*|G_f}lmFvO|EgA_3Bd
z%Lby2v&U{D8+N;aR8dm8JJ2g!z>>C6MuN%Y+Z;#hj>mT_zj<L~{AM9Cnhn<R&D&0n
zmVMm!HWaz?I!>(|d;2SoPaD5y`=p-as9W?(3wPzT2TEyWtoR9O!h1^xIp#q9^93{x
zJ~jTo;tOpe>!w2HU5yy^I7#3R{y&*a1~vXa8BYc;{Qo&V{+S7_fgkp`1nRha!qeiH
z7X-rlEAp4+TJalTGXEuJBq~5jQ9_35Nwri+C5(t9UK7RK$Wn+a`TulYkq?ZWkY%2y
z^5o!P!SiJ?gZr(XIslF(57Huz4<^I$phB}}G!K_0o&GN|dq_ES_lk7OwRl!Aa&lKz
z_U1u0uoH~vpceRq?6`04G#=<8Qd~FH*(5tNs6yDqvieF+R9c!Br*V$auVVIS&SE&i
zjD}ZYKL3fYcrB!-?9Y8htA1PYCN`Z6uTw#uDG`7B2<l-`<zmn_@PZbEjeG5AYolIU
z+Ul11?FHN89?8rtpad^@^)Gq#|Ioa8wS~BsWnhrZmB9WtCmhfG){-^cvR&15W@ks*
zbMrS#J)82WTg;00%%<LctRJ`(TYSwnecCj+C2{tyox3x;*P-|KORnAeqTgt{k7vsN
zI+?Y^w((DsT1&HqJRzU)?VWwHQ!c;yYt9ocmpkOIPZ%|J#|$18G<LKhG|KH~^XYcO
zrP{*Ko<8j7UeQz=r{DxtZRlYeGxCWw+Sqk1<mdt2-yJ5jvGZ!QkWb$kgD^Wo1Aa-q
zr#vn)_NaKG@uT92#`SojhLdTF{U>8jWB$3b{%616uiJkPU;IDM^LaY^PsaZ3%s=G~
z`RBF%Y#QU8#-H-VN7#OV`-?CN)c?{<{HlhBJ$zUv;kGC0eS8O9{3yiLsqWz4(YCZ{
zJIQmImbMMx#j^BbS$eT7y;zoBEK4tzCC{Dv{acp)4U9^^JDXCG{`=UIUd%}^=A?fb
zbJEM_clOz6|9iIjPyOC#a@eT<G&+2-|2@a&-u6EmjeIW8v3{H;3J0%=%bygLCmdpR
z6OpZG9IpwxO@(9;;R(6M{?sAcCz2;2BRnT^DT-J_q%T;)GI))~H*_sYRwPj95qs@+
z^CioeeuX6Lnq_3h2u;=`V^oTS<N{lYxKy(sJm1HPojJJ?nal~#zm<fNM07<OkRQd3
zYGi+-NfG|Tr7V~{7!G?!*!qgmM3NguLa;}WLb6J6%XyK6P#7~8I((i`vgA?3^eXI=
zB}+n0*VUUhBD<oQD3S<c)WJCVO;#l5YE7?c#?^F!juUckemrrao$GPu4H<&$s7<QW
zQM3)U8eCvcH<c4aZNoIMcMmJ@(_3cMK>uk?vdzIY3}G)u)2B3=HW!>cleM(H=NB{S
zi<$JrO!{IbeKC{1m`Oc%?)Psd{TDWm{{CX_W<umL&*;CAne-*>?!`{}&tND0Co`GW
z?0;!Adv^SvL9dbjIUElsFZRFZ`21GKc8$)s%!*Xq!0(D^!SWUxU_<q5feqRtyD=lX
zJSm@Yt8nj;{+?-ZPI*jr-m3R_vLF}DF`ymHegA~?b$}poIwxtyu33^xl8VSs21%kK
zQ$K1?t=wt3l6qEKCe)nI227rZOl?C`YL*Y0l50{!TTp3JYZ=6&i|9WS5|hViUGe12
zHRUl_e4$_Wn;IUm&+BGY%fId#0loc{(ApR(-`zcmmL{s>ctDl<O)Kn(_IH+d{wL#J
zFQ3PL>il1(&(HrSgL?e`a6Eaz|9h5?%h4T*WHerssw?J>tyqA_YuaD{FY1kY@tjST
z%5Eyt$GT~LGZ;{t=N&sm<+s?}w|hnE-jJ3*?ifbHg71&z^Du`^i}$9=v1$VZ5bysn
zx|{`99uN&6>z<ixMnfe!Ek&jg@*1#7r-)d8DPr~yJ|$TZqwd%xH03{JqDY+r-+0<P
zt%eEptF;)wgPfu1>zZXV=dnWDl}!t3_|DJwobBUQ`#YXQJXt)&qCcZ>SRh(4ZWGR_
zYQu+C?>i6slJ_h!5i<=C+C0Y(UPyE9w(R92#IhRym*8yZN{Y_0r;!Ej;Q#%@2LA83
zH+j+jpXH-Y&cSPPRxpwa^258giaY_RBH3lZA|TiOU@#2&qweC01^we*Z;#wCk}wvj
z7nU@MVg^}38gG!KG|P#YLnMoCi%>~!SR4nP4-A82G8RLQUnIg}#S-LY>MhAu*DNC|
z5f!m|l;-3|7OzOeQkF!Lh=j~VrXM>MtCVK!q|*|y^D~uLSRhiTT0Q+rqx5wZx9z4G
zGYE-h#+^$&D(DdceKzM8R)T?!`n@t3$B0v3!%@0hnK;?`Lq8bwf?l_`L#pVQ?}{1I
zOd!zzZ%A*J1E7oX0aU-{6DRkl`;Fj+s`^=T*$4L~;`usdC)*oEQulAF+BWEab-ka3
z{`W==`rjYF#D6}^=Wc>ki37DB)=iMTKCv8{=GAdj9dc9=-X0^2-k%_Cj!dXWq&ym6
z^&V|MN`ZTnbp6{4OzOY#X9N9LUw3J=;!mLh+!g;n7!B+6fAkXn|2&_2$NyKnWN<*N
zf6U<@_)BZ0Q2fcM!nkL><=^PzcPf%OUno);@i5==^NMAPzE;1lbX30lMZF+dUVnT?
z^D=9+td*Xq{~YXjv^g*07`afbHOGnO(~iTRY7M!Z%cmum$nS2U|2}OQ=hKGv>OXt7
z34h|E?ZDpclxYmL_TkZ;dK*}h%8k5%qoy~|J<GbNRqIB#H@g`ozLEzKK~#ty|C^L+
zQ6>mkmZO%16D%_>Oq$4Un(-u`lb!#NNO-$6<=rc`PASi}9;3Z2QkfYCmK=>a${J=I
z_nZTL$P7aIRVLvMrhOXU;FEu58K1A;>b>6zZ{OCBTZzJH^^|4#MJBF!^pHkF_ia7k
zgV*F7jVAaIxmE+`AzDVbBxWSDA}5I;xQpb5N|KtUpjZPVg=E=2iCO-w)LB$HBdSkq
zkI8_%K5$cn6ishkE(r2ynX-*<_(nCWeo>3Cv*Roi%kp<@?R>4jPt;fDq~Hbp4;jeo
zaEI*H!zEqe+@T>MRc$O-a{5L$p-<Wl8IDK2>LB!^ANV3+5sXxgA>lFEjk$!s_V6{;
zt}{?Gu|ML!1NfscKl7{lx6OmYMI<*%mM>XGsNF0G^&ks=%@WW{2#qsFqqQ!+5vU`;
zb0~6QHn5P4@La<F!A2=107`#2>0c#zQPZ_GO`w7aet!r5D1W?*as_*Pl?oY7*Nrpr
zN3uH`A4V+1swK{|0Tw`kJCWr(dwXpw>+$jxTe~l7g~uEdb1=UNX?^>sKAh^Of6U&w
zgZWx}M{7Ih?i;P|8g1V*diRde*8OU}xM8>IKC64$CGR}34LiWs_DHoE9rIXr%p~+8
z!aQc<LzaZjrNNvxT&>0v@4y1^<SRyhhwDY}SS_m8s!kUUUXxRkhI{&kppf@7O~J45
zPK~v4Iq~|ty#AY}CbL<x`es%nQOx|_59xRCbS1A=WQ{@88*MN=m*uL<UVFd$WPHPC
zExh=}gLnmV3yMLgr6YqL{D(BOTS+l<Q6$lm&ZZgAZ6~>Pf4onC7mc*%_aS-GC_G``
z-H<-3+rI5`;{rKG%@^zASN?3X|AiR7(9K!QRxHof53~i|<^LHS*5dyL{r>1B{_j~n
zkFx*i15%!kx~;GAfMfRiN>;ymmoEmu-=zVtzKxHz1vZZ2Gnobd(HH!Vj|csKv<K+U
z_^)vt|7p@6^<U`!b9|nH{%<1t&qwWFi2U!F$UhZre<A7j|7@fGSOfa&)Bn++UjKd4
z@4e9fXZbve{+k2R76D*>YmEUgKR!bgfbQyrL;Nl|gx<YJa|m<bUN}VUvyJ|zBFkyq
zr78ca^}qY$K|TI!G8(?vf1c%YZ~9*X5aldOGcMU3Oaf1lIz(-3qWra$QItPF1FNu|
zy)cX4C9|;m_h@!e9=m5^82>QlaX0;cd;svB^uJfn{~u4rgBSY$9G~Z+|67RvHp>5e
zWdDWc|Bh+?6A}D>d1~MMY^DF1xP7S4*Ztf@|A*tc{bxKLz0m(>`8>-0g9oIQvcoU!
zgdKi*4!W*7dLhAIp9HIQemn(+WAS32dFIbH`d>uplkk8C_<s*y@IRmD^C<dXMCnC^
z1$-SsZn}99(SMix!IF_3k5_XT1Duu}eX4e__<~QzO5nKj^?NX=e|_%JPXAXT;kkIc
z=NCVB(Es7#xQ_ok?jMd{=>Kzk9IC!sgAjUiajpra41T1N?C4X$lSL4Uj0p*7NZ0)x
zQf6=J1N5^#Ko0+Kqt`dJR0ROhjXVsTxW?FO<FXXD4I{+wo!_1aVB@Z#x)_vgRVvya
zZ|$U3j*BHxDtKa$^KzOkSbib0{DjDy<^{qP%5ce68VIY?0`_0)pC>uXu4!xrZ2sQ1
zvh{a<t780b?{Fy+!=B6w&R0&+pL?~sVtK~HO9soylZ9=&@x#g8d(v#I1%3IqI(kb@
z*xCrW(*Ong(;vwo=mot7GiUQT3v+(WN&#qN<4{Az)X}OQju7Ybay<T_$HV^dtC+!L
za0yL$&iA%1n5A1Enwa4Z*k~KnXfxsGPTX-klwEy9PRNd0;GKtpl5gJyJe2O{y5D%L
ze5HYHB=fg_RdBeP{FgJC<A1xqirEtt0lriJAGXMUFYzDG^3fNp%>bZILERA7nu2&C
zq81r#r-d4I;ba-(T^s!4&XUEeKrW%0>COpJFIa(POR1lFfwb<nQG`Vn@3<xTPKf#n
z{wWXCKW*8y)ruz3iBoyc`BnW1D(A_;L0dPD6Q%yMks||n9oq2aScEh_Pz}y_vh#H7
zty;`Pk+YW--?-v>eg0+X{HD)l`fm}<zjplha5(AJ?Z1P;3;lnV&ok41OWdj|Gfh*}
zAZ9$Vv}Y56G0#<~$rVcymM=5L^S>WdpGZZPJAnGOSyX0@dfU)6Kw7-_<jf3g&t3Q@
zbOs~JL@q)RpOBBI7x0a%Ucp0EIlHnxgdkpqMwdUoXiOksxyHI~fc>8%?|s02H5iBf
z&HC)B_#GL$$#~AXII|OSfauO5SuFns)*hK>Jng15Us@%>teeqBV=5)qFjns=c2t&Q
z04`v5nC45j@B*}1I|caEM_9RwjLrG2{b5GKE9UYXTSwXb%6Fa05A1p68$yy|HDg)p
zv0Kob-OzQ=wtF*{Q?rFX;B&A#zWWG_QC;Yr%Jo8Bzg%LyHCH_B>d|z|#~wT22aL51
zAG{o<8Df!Ocz@J5NDF7F-h1{KbD1-sI)uC;pCqd+xIw#<02gDPMa(=7B^f$ZN>#h?
zKYsj(H$L4&eSB9{wREYZmWPuknz1CmWOE-0uChk<9;%nX2;f#^)i<zm@{wd+(0p0D
zeCh*O#wTRwpdzU{SF;@Bo#Sk|iFT>~?WDWAKQ;NUQM0-$!;Gho1A@Op{_9QZ_#ger
zWb%^#_beX_!g*{7^ruHAno+szHcsO|1fWQbB9O}y@;}f@k>orkIbShR<YYk9NJ%#&
zJI8<c(?P_p5ArZQ_~y5Fzr6q9%f%00e*ERb$NzQyzWC+x<Nq4!6bZt@r64=151uT5
zsYEl<C3&`1f7jYM+0c%R8B58agKZ|P^V@Hpgbwb1uw?OyFA|ZluW`oiy8oj=J^p7f
zJba1&e3s8E#glWEC6eTV;29t{OO}vX!Q%*O>eBFvE|?5DugJ$GmqZpRXf{MHSsar^
zEM_PK@MN)%rG5A{10lfqo+eS}6-n3v5p8!<kONqR$eRDxUO;|H;x!Qoys3snQl><#
zgaw`8?8BE2xyV@O6*(2Fl}N~+Pd|`|XR;G4czyu?#o>2?+26AR_^<h5xj0b&F@MVI
z<e+Rw$rwdS<~(My^E!|>Y3Fq?qgS2RLB2{mum8W!EAnTWaZyNee)d*&f;1DqvM}!i
zJYw_!pUcFronQX){_W+5-<50u_y6?AH}8LV`_nH!1gq#P^s)8+4|=0X!~Qeq4TmrH
z|2aOd$mx<M3l@t-r}OF+83e=Qpr`(6evzHdYw{_LpfVQJ`%*+f%*j+TsaXD(P$cs&
zh>$o{RD_11x>@QC0MsPIV64=l^PGe<A&IylGe*RU=c>uiKy3=CTK(nx?DVg@rsP&6
zLK!smy#v+U?STtXaX^cFc_4Tc9<2Bxqd7a+Q$2ou)$a|5Ws6P`FEy}(a7nXV9;8Ja
zAE+nyI<LtGmIEuM#{2+gK$*YutyEKme_n_Tr`Us8L|iHvNMfBbMH7ig0D@b;y5Awd
z(hI4Hs``!HD&j_C^ALFXtyN0vl!~~DB92JJ=W~|r6Ip~yr4LKp5Y#rKFw&1deIPU^
zl>8)U^c{_960*!pf6(`x{-Cd>|0ar9L})^$?O5ip<$qzbr4U!aoX0uK5T;X3iGUi`
z0r|_4B^~1mj`m^JH~0#<;c-laqV(4^=5R*z`?!irdd+|dU<o<!L4;zF@V~Q&ygNU&
z5?zOo*JSD(k1%6Oc;hraA%EDpV(YFt6+8Q6=hvHjXP>Y<3`qG9sHE~w(?&aHT&k5c
zE*3mdZG?r)#cJnIQ`PZXn#G)DWv#q$$-*nOZgFg<qqa5T5ulG|>~96nm>&E-hCR$#
z#=)!w954|{x13)<F7Xu!lO6`W|1>)~_TJI4*->)&-J4Tgt`wDbIF_d{C-OGQA>vE7
zf8^c%5w!nZu}WEF%K*Sq9+bvF<L+}TNmI1ilAJEoWf}$pGq<CWci*EuL$Hoo2o@e=
zEve{|fq1W{AO3s_=_fQzFSK1|3Y!JLK+a0#C$LU{coc$0Q)F1f(0Pc=Ig2ByZ~Hqt
zcYDQu{P^(#`cQWjgr`7}!xdjFb43gb$>v22Z>yuBNSG3m;9yvK5epiTnZDnW#Qchp
zA5JgK+Vzio*RFqL*KQK@)pA`jfHa5l19qEq6c~&*K+#W0Y?4qCia6%d4pF^_={C+Q
zgd@GX$i#}}OIFBQV4oRy&wJoKci_!Uf80q_+f!&hcY1jy@o4t#@_Jv3{>E$3IQZj-
zwXWA-Y}Vj=B}nUIPp0anpLoa;$)<So;mX_P9(ynM*mgBi=cLlrN44ib9?6o$N>on-
ziAAztaMvUr3VZ-6EdbwA#E>g?&+Kpp-oqI<!_hN`dtP4na%aDl&eY*z!MgleZN^mX
zFWKdZ%xN662>B6=@7?)nhuFHMfBGYwfSwj6j*mUZdVGvSt?rEC4+J=<B10^>{yr0{
zDalw8vCQ0-73B#^O?aWKU|@!D=sSc%yIO~h)l!>RjsS>XTYRDZ9VsB#0Lc|wOAvli
zkrpw{6^Axt0|gkMg{A_mRAfcb7EM4D4U>c=*E|!+3hJEDjH47a&%~-j97J}JX=ZAR
zV`KMRX{YhkNr%|-tX1cek{l0mDzD^$rP<w7L|r?|=J#{HSkd(0Rrv#r<E|1TVEWyZ
z@=TGCE-jz#Qdu_Hb!OGIv%+0Fnt1No(L~V>*ncAks>N0U<V@sCa(;1r2>W$@aXlt9
ziqxK&yM27*d9{y^%9}k5hAl*-c6Sym-^W|5`o2+0JrOC(bd5rhly*5uq(D(l`%TE3
zi}Q-V2{uqkHA)+xVaTM^@;@aZ4VRUB+|7z4=POedM^AL(dkZFq&O`^biGI&-2`z1i
zvtnTj6Xybs@08BLv9q4)W33hgRScN;g^0}BPkd>^WZ(>`PE|iiMnd3da3#ZHMll4o
z&bb`LXsTA2EHY7~Seb+;NbEGb{ho$2VoK0;m;t$DbC#)jetvg;`f4=XMu)fZP@I-(
zU{4D`8A=lwqf#V1S?CoSd-D0?@sYDanslA7(o9@4b-94ogRzLlvA7}A_ab4_(jN}z
z(f-v{a=wu~%x3w@(8o%I#y5PocRX;oKU`$PO@QN%^aw`26k!Au;e#W|I)~B_D-;)(
zRFWBEiJ}X5hV4-$zlxbX=`!fNCTCoxF<lc%ZfK@<iL98EN;*MCs7C&?2G4WKPpSK_
zZpIs^uBQ$jmqrneRJ(sRYMpcal?tu@)ZE5;FQ=BaOTz+PCazRoqjg#xvcj(I@^Y!v
zB*iqAe6h3)bL2}ZMu&U;azyoNZImZEgfyNeb4GKeL@d-Q<wcgj8?Y|!eCoo-*wc`4
zJRaKXGuU)}6pc^V4VgLtKT9EVb#XPrhx0?P7~!BX&%q%9b4+lvN}`^|G+_r3%_;n=
zdMqVjRC2o?hrZJ|ET_@mG7X>I`jpB%V|0aajIdpLG=1M|*q@ZALtBGnDVF4-<(T3s
zph|dtiu>6MdZy=N-=2^6tOd@h6PgUW+L}XVt`*sYUIxCs430IS8}>Zk820Kiu97M-
z-iKIXWs*gVJqxbJ47BH%vxsn%6I<p}5*@u_17GQ8Fy7PL9S(yUhC__Vb>B4T%a8^~
zszI!Z2b8b6(ajD@qV|xk^r`P{I`tPByH=vJCOGO|UWn+7%d7wk+;>H!_5hB5#?qLF
z^i&i{enR?F0t}?cg$${BGg$HD5}%RkcO380vFBPJ9m86yoo`+MCAosVZ^lTT@x_8=
zNa~D<3@U-EH_ROw1pPtK*QT!Hp6})C!R0))Du`rZk?|b0Cw7~cQ9Ei#p;)DgJ{!wL
z#-uu;O6*HT1i^Rubw%qUnnhZ9(avK@XhK*r7g@+6k`)P|Q0pxt=Vy?XoD0(L^?CvM
zbbi($@NadR3&~J`6!SR`IgOFYVh}VDP;V|@(uBN;Q=TyM!|u(Jhf7caY<qjaEzGLv
z2Z6f$C)pJ-=#%)RevOPrqv2pLAm{is2<VaM5YWiYLoiY$mCIaho0^(lB^-XXucj(<
zn)6VbGQe#{D1?OHh%An}DA99uRn#E0{NBZ??@{>zG2bY*&sM3(XtwSU67dW|A32lu
z5j9iTs&cUn8TFOq&?@r=Bu3OWtT;q=uQ?^tJdLM&C|Agog_`3{F`is8#$T>kmhp&9
zP2awvMc-;6gX7jq{hIs?oK_J|y>_|4v($F8lsu&)5I(R_B$2fD)^kWlrFmd*)N0#l
zzs~jwxb&`+;6O9gA*RIn9ymdRRY|z-|EX`6mE+W7QK4Q-*iDBRM*+NGinM*JnD2t!
zqL-Pk(im2fnh-p-6rK|M(ec1piVY-J$@6#E@(y*sN1g)C(a~_P-f|lobbA5%XyuS{
zVL;$Pg0D_=qJ*463q7vg7?kXIAu^sXS0q>W|Mc=q2ITXnbdf3HbS;VuzPoc0vslay
zR+J~^3oy5Sy7=Mp&Dq;v6}>`Zs_f>X8)lJI@&#Njhiw62$#e*x*@VfaP58;Nh|oB;
z=KX1)4Iwp!NFS^liWK{n%N!jp#uoroQ2nfkppi(@Or$J}*XT76D`qS)W`8{?&e4&z
z)DFhM$hl%fP3B#(vM$CqVW{{s`6#YfLY6$y?xSlF7b{IIX)Fby*ObQ~h493&Lv)B^
zi8z{gvdyE(#2MgWeSpRmK7}fAUuep|6d4Eir~YbDaQ$^WRb)A38TqVE0f|Id*!$??
z(LD@q4>C4q8B0QTP}#+USCs+m1*9DGus&#0x!CosYJx;~O{-P=n+V0q4U{D?78#W7
z59;kJy~&txmC~mgJQay7RxJAgEHJ7^cAK*#GR_cL%&ejSZnw)bS$0vUy-I9NX$Czw
zBg^SRl3nomuwW68samsM(3_&ze&lOUI2yT|t}ohm8KYOK!_YWW)UW0*;6a8$p;bC#
zG~$U`R0AS_tI2LyRxx@=yn~&P77_&~E@c77my(2LnYbY=S}+nS3P8^1aIv-VcrFyT
z2AY*I$kaYjEA-!@0EtD%77U5$IdFb-DCi*QgININBJ+%rBx>$1wR1Q<o)F1W3Wc-J
ztb(i###$738zGfm+e5T!ld)^gZpdfVEUaIlX{sW4SrNijeLPtm492~^pq)Z~lIX;<
zOEW#dLwEqSil^1>Dt9r>#EeNYTbG<@-XSHqft>*&X};NqRaSk8II`VL&HI`Z9r}tR
zhsO9q-ee1LdPb%n)=8+1Mc=Wx$k>lUT%Br#VM;!ONCGZx&YV@H*+O)~C{T0DmkcNl
z7Y8g+Bb>$TKwa_fqTmrbFt_rHYD*rdo22c&sFLzrp9$7ATj|(-|4YoI=EZkgASyIM
zIu?kdk*B_WH0td+kvQ#&{~+l1E%^c`S(p4^O2DH*yH@+xHTcXku_Dt-Nd1&#)G8(&
zLY6d(LIH7siVuJwg!34BS{jaq$CdycZsPQpMFJ*CkjV*MP<4fXI(HS*2R^NlPSg%L
zSt6)q@x-~eI6hxt{Ro70Lf+m|B~_ku2$@c&Yr2XdqbqXZ4z5km^NxdF0Rmf~1h)VE
z-yK3;k-va0g<igBozN8zX>2T*0(FXrB_t9z35smkCvXGGW3|%y^-^VlmoG&0LF=k$
z+5%xFV}C1{REK0%<iwQ7iUgC%w|NJXo3JqXn~QUO3J1PI>tJXusvBIfD&m}{F(XSM
zwd|6|vTg@7!n>xjQ_Yx-?$Y-iL%$T9O=P&GTUt<__J`^!^tut7ahi1d{cbksO$qAK
zr6QlL#)n!})}t8uo|EBW-TtLmw-Gkf68w1a2JJyc-HD0}xU2)SgrP$yma2X5W#faA
zjc@dk0A<1$AGj<vcL9cL-MK5iYE*yFP-pHR3#53p>exfy8kzxm#ta?xZOG7Iqh0)x
zt;97`ygVwBh$guXono2RhNTf3yGEaI<vR!!1lyKjh>*h;k*Nh+GC$zxC&!+K!O1b$
zAip=8WzN~DqbVk???A2Oe*5UBZ_Qv}co_rMZXMr>o~~CSV`O*6KyV`*h_5W){1Eey
z$?4w1X0atYD`Z*D=R5>AmC4hGc+v#;k=E(J^9PYgaK1Z)I4_dvY59UWEHemC!eZP&
zIMM5&I)ueE#tfd2<$9L!s6)s~L`)lspwhh28a}@|>iLq0UTI{x!-e6l#S}0Xiu6JW
zWm6(dJc!cpaP}ch)SR3hyXI6e4U2Q*wh)ky0^&+?$}!yihGr3%L21r`5Uuys7CW9i
zM-(($>`4bE$3O=#wvhkbwU__J7?SFUL{i7Vu2O+Q<qBmH9eAP#;JNCPW5<y<#c^Ef
z`*~*bG^b>$)OsypLPW!~a#1keuaxSvL-|s~%nZoWMm{;V(H4VVBM9M5k&6`=RAY?U
z!lSANVKRdB@svd8xvI@+-hZRuCM?Y1^mfRW9sMY@cZKkLA1sa2&0t_x*lM6hXmY>)
zs8ljb$UM3C<ap?;Mw|8<iY!xe$oY!NoUT%}2rG)hcm@QTOu0OLGgUKo35Fhtr-5d2
z+;>LeeLd-eHmpN@wv6n0>_TPr4F&d%Fq#}$!J&WLy8KgZ@9nCUost=Y*Z@%^Iq<~=
z&7v60Df4YdMh|j|hfp#@MkbzW!enynjB~^0e5m_*v{y!gYTE^0V<tq7PKUM3*~+~J
z+N%TRzYZbnHbtF27h1n3D<Sim6uS>n^=I&F>8G@eg~5*KTj>x2_y<Ozbi?D!P@cdP
z(4Uy_fXT#DkDN?;c40S~yPK!J8uOt&;1JG?fmurQz-wqN@RK9oAszM1h$gMRh-o)t
z(URs<B8&N)-zuJ1I?+lG7;L2pLJdVCc?2%Ulx8^*a~-OPaEV0bnYph<Yyw$aKH{Wq
zG+j3rw8C7pAyg6TP-%o~HHN?NeAyP4sUJSG&zietoR3qW44dRcNH~aNL;f3Gn^?T0
zx!-D3N&*GpkS9o%L6u0*l%Im-fJnyB3<jiJrXm50!R6aGXFschOC$qp*k3<i@$ict
z!52G%FY5NL*k6H9LD;#DnBfxR2TC(|O`3y!L7%0ElspKI>)}F^Lti?2=mdl)%8_v}
zc*l)f)AZ?lD=pEN>m;<(125!ey8n9W2t?1eE|9oMOa_a5#DO#`>?<}Mj@xww*V?1=
zt(wkC9frn}g_b%`E1n@7%Gj4cjeG4wnaX1JD+`SnnP&W&=Ik9?PqiBfRD4mDQcUN*
z0yRbyHam}<bT0%a;YlS23{sqIw36x8_kfQl8|M7O<;5w+?padlJCzAc<xK1KmFP$=
z$qa)g-ISoo#8<4G3^$w>b2Q*s<ibJ#=tL{MD!vM=j!k_<KA}Nw$;eU&8#jGb%vd*u
z^e)5tPtQrpQx@|Cqyd&lb!AiZaYsr-<Z~u-spC>iKA6&Zi$n=GGbVGAW;D#5Z5;Uu
zxg#ayZl|*+Bsj3N`BlDT2K~oA+0_Kw@VTl#)5cPlVMTUZBbMW<X579<WrRmXB;V$C
z%P0wBMzgNWY0SDQkHAP@#{B@*0|%txYNc?e9fLZ?)CqgkRLPgyAC}y{>NHiW@T181
z-_>y93lY81%K-%6u>*ou2Fv1jo6RtMmE6NaXBhPeezh4ktQ{S0DaMQeGeB`Qnkg|}
z2PvYb8MW?;#Bavsd)yBD&baEjZhKsbtEAd2+4g`y^V~k6QcH8q_AINSR!+6npV@jt
z>p?l{x&$h#PI{gF&y0IsjmyRiSXEF5E&cHBt+BvM@~1zNzEU-DNr#?x%gJ!$Ea|4u
z2!`$vX+oFOG<inEO|r>Rf_WY28;Y8)1U*XM{NV|v59=7o_Kj(%ULj3L#(o7I%4N@>
zW1;4lh`geh%@h?_F{*U!c@f8JGOIeT1M=1wW-D!$%^BbAzFv|wL_(L&Zkks!mbG&i
zhKYaBSc(o&W5KWSV5v1RtLDpO2f$=6SsGKt40LE6+K`bCG>==-q+SDGsyY~8e=r%I
zKm-wqg;}er#mzT$euA0vIz(BM7aQ_WVxxgk4cu2bxgG>ZLEq$j-R&pPBk~p4hCQ68
zx(#`0U2cK7tlsVbtUKyo)zBP>%$Z`)d))`@L>a~4W=D-*DMCgEIBRT}FS{9(>}J%U
z^QUE|P+caszI|;)&ILH^rx*zEclbi{1h6a{(jSVIS}B|d1UIO4NEYO<cc|zb7gn&D
zws~{rJd>!_lsC}603N2Pnt$I{3Fwda0_14Gyp3&e%I8xui$!=vM5fax_5Fa|b8}tn
z^3~bVnLv7wtA{~R!FSKT>&BWpsL}H|NdT6{VInX_r|CM+KtB>Gl;*~yq}iIx5jt75
z8gcZzsU`pXYJBX;3C72xJ*UqtUO!lEWbml>1O}huimlCd=*0FpkJ&ytR4^tE!=Nxa
z5WMYc0K)*1qz^RDwD@3?9Jn!y-)lB4u4E%5O*P!%)I<Zh5vL#~Xyyf$1t-h-D>O;S
z?&nt%-^A%jZ@jnXgz4iNsy3qn0_}5~7!8803Er3@w%1ReemH;sVM<tXZIffo5PYMZ
zC;k3j-8*eun=WoaF36nUk~i-@RM7>@jD1Cv-e}LHT*N{EoRY}M>6?mIPL@ZgAsg5=
z_LYBohkKSVLKw+=k+Tz>L~sPr4pwcD?3!gX))9@sg-$Qev?Uh|CxE-=#w=p^rH!u*
zI{z&S5LZ5%NT9D1BfH;GV~Pa$m4%U5v_u<ii2ADN)3r3Rs#e{HpB3v>{QB%d`}}uJ
ziM>5SrG$`Ebv^V0cvPI&FmTvnY%xo62-LSN1o*?AwNYtbC1w;j(Jr|lA5Sk-vre$R
z29m%Y*{!-QJdfA7Q|O_@^-$U|OLUfFB#0E6`W$&mLgS->lUE60uBG;Ra6OpnwB_B;
zug1QX;PK>muZ^VDCb;4WFIE}~Sdk)$G5qi>2B;+LCSKd@2jI^-$Pi>s#haCIC_qY9
z60Dd*Ku_sr2s0`Xcnv^BaxFVMMsX*&Z`Vx&goGd(txaaZo?e9`PZP=b=m=KfJW=D9
zEULthuGmUsYZIe{T1m`TTqEk*;KfwH)((Eqy&ro@e&gew-2>``#j6KRWQ$>dciRYo
zB>BqLy}?GBJ8h^}Q<M3oQ)tz(mi936gj^j-qd8(+BJ3Wz>@ht=J<$&aqyIEV-*<_Q
zdV3v1J8cSjBa~DJ8k&u34><gc1b2(NvpsjbB#<r$-K)W*S4ukD;+t3mEXDwVp|K;Y
z+&(06W*QJ^phMzT5TjQ0AMbvCHS!I07#$Dx+?Y&2jj?HEN~r|d6ue9pJwUZ`fu6#B
z^IYj120QKr&FG4O$-rn)T33}4&j&UaF+}H8d!ZQ#l3gYl`D`$!C|S{@u<Y;Yc~;PJ
zS|D6K7bXz7XW7yq7~75AmYuAYvy8Yvj~V{mm7z$%6>Va!90a)=Th$7%DD=(n5S!rO
z$b)g;K|!0c+dQMcfQ28a22x}~Bb4B2442T!f0D-6h?Zd%ugdfm7>bAe(+p)~^OE}g
z2GS2IM5SJ7vl93mq9T;`Ddt2eHcH@+S(z&G`PJA%k2a$~P5P5mEIbkg-XNJrEX(RL
z0gYo4i-iox2Q6{ku#ABtTn7xN2K?J3`K{3(t{2B6_R<dPaIaLerWOuQBtK*{WEU*s
zKyiVCp`!Kf{PbIwLn^LJBu_#HzRM2Lx5_%xQV`Z>`t&I#yl(>KbYTiT>_h+6JTytu
ztqEqEg1SehBmcv5=s1n023*-DFsf#?EQZFqL}V)(mqr@^@IVi_*_*p{0lPON#}&i>
z&Rhl$2l9+(sA}7d_n+9XycNx0DoCor^f0Nld09`g%Ec8!&!N7V(#TQ(Y~~o89PB0A
zV*{{76FyC2Ykg_08O;hhiV2<nPV60Y-ytw~r>Ay=D;>0}q+YazL%}A1_egCD*vKOu
zQ?KU;BQlL8$+AhSpc%7;Mi0asf$u4gF%#?@Fm<Pf(E9Hqh6}gv4ThxN;5{^<M-6lk
z=PrY-0!|sBc}~MCB8zNJLql~vz!vPdtii1{JPM*?F;}}tZYYdQN$WgeBwUJBiU#Ca
zCa$WLBRa$lFAQuSy>f3IDt5+VY9w$tF-?y>%BQ1aPgC>gcml%8&q{fH_g-T(I{}Z@
zE=6Mi(78M_DgvC+V1sDeYzohaYhQ7@flx4<{81Ys6QYl9SX-Wez2f4Myc!*k%nEqg
z3`WPL&7hg{j9o)~5URFTlv$^2U+ZOB2?LN)MA}I-i=|mc*T^3rQ3k(V(Nvp<moy@Y
zAXtJGA_5>JW5$;Bnu`oI+>FU0)@NO#@^py7<*{;(;tnMuTglQQ3`>WO^&G;cLUYgM
zdR;M+xf_X>)J9vGWd3>O1rUjKggI39DIs$3HtPs)Z9_*D7tFf)QAkQt^O8l%&~TKP
zG)<h2r;TcKJaTq_OXA~E=|I#(9b!%?q$S#*e^*|wCBR!V(~@;AOn!<iW?kHJ&DjI;
zeUSkjiC9i~th0P=1kYzp?~J_(Qr4azWbg<ytB*^jPassoZ4K+uJD|4k1dHhFRII?r
zT|7qz4kV4cD1k}{1#3-MWEo3x@QgCak~|=v5-=RYJGu)z)SqJ-Udc`^2s>jm>O8{O
zRt7e}Hu7ZA4LcQ0qU-dyXKwmUdC|3-ghgu1NZiU4_72lnz?IFF`|zy6yit4!;^T}X
z3alO)-NAY)Iv5n7t~s2GwN7PK55;Uj!!;0P-8Y&kS1ezOsEkRbalGDOB}5)$_=uxW
zfwxBACSUM^(a~_P4KAx1;)tHWR<uXmpKsjFXl#s1IQ*%p<~1#)cEonk1kW1HM`K@l
zH$HTxwBdf|LOTY8GY8)_8xP$%FdVU2up1snA<ZIUV7N^4BTwt&XoS{Bbitzqx0DuX
zq-61kh18Loq_KpRIB`|wX7}^RL%G534||R=1X``EVFgz>)A}HkhbWy<n7nC#E6n_T
z1)R}juRR0|@<zc8T}zyG9ENr?eWyF_ZRpL7f|?rsJ~hpII&engKAsi4#AOeFDqita
zAZT<+6LbgzP*bJERIMfst$RX(x|yDudHZtd@u*@_OWSa*Km|d4<iNW0lrmz!Gt2FZ
z6FQn4?)hX_4>w7{r<ZTve0+;T+iq4S0_;g9^$E7mBH#-`W4_R+OC};k<5q09q-tyR
z$iqaSuj|0L?3CD>(fOQ*BohVJAyV@=mpK>T0$Q(FYcr}b>EU0F;mth!rpT8f<9~;_
zmXSniXug^5qfyTpn#Bkc;D+xSvD_st)^h6`T{s#!vp<0nPhaLD`x4C@krq8$5HTuq
zn&jNjwJWyH5DXC)<E@41FvIZl6puz@E0aR%0Q|2^Pgd++OOr+}`MfG*?gHqcj2f?>
zKs20KTnQ@|JLu{kmrMz$87q;6Y|IpLkrrVWND)4!M!N2h2AXsLVSzT+x2!()NwN&#
z2{5?Y{%}TfI-?RGZ2=J4<ott-1s#7YEBzRQ!ju;IGAP`JJ4AmQnN|Vp0>n3#Ygo26
zF&>)V2ag)4iBPQKvt1h`ldZcl<BGv^vk!U3*ujb_3Tl5UC%dOJh(B*o1OVYezXq+B
zWa5A)^Nb?)NRct8(F4$<xXd-gj&A$lRW7>yey^vYFeGE-M(v<ljfA1MRfpMa6EfSu
z!L01$1XYZNzE@?4K@~PsZi+?E`Xk5!oTeH3kc)I`Du^Qqopzy!+#l6bG+O}Iw7?bQ
zZw1e%b|Ai-dD!2;_!E)n7>+5i)vdP4z@}$kx;X4rm{b`|2U<4J>{50@s?rS9{=tTP
zZV+)(#qeZKXqX8ptv2fhDyvcZmYW#$k1UO|0n>Lm8!PUkK`_~`6IvvgK@a_6ZcYm#
z$UE3Sb(VdKA!G)PUl9W1P~%CPz+q?XD~R`xof!|?XIy&683K*e(DJM!yix!FhT(fq
zTVjBmxhG}#CtyRMDDDKO=|OA?)fxH1b&UE$XE_Gj=*E<$siyW??3$YB<y=_%w(8tB
zPH5CS)MVpEWLHdS-Sb>P`kx4|7-oh-RzXsvAb(v8t~8|;k16<$XE9qzx10gU)Kr#3
z@x2JWqsD%in1EBAzls^o)|jMOd@jhv`I#MMHRplG82bW4@!gUhYNBT*?7lr-TO{O1
z7O#wWx=-f(R;LDHQo#*~1U&B$$4CONXkvt7uyM2yQwY?K*O&73kn&Y#uJxS4g}g$D
z5c3rjpMb9}ia6E?IaF#^T~^v?T(O?-73*nUU}P~SmsZPmW9_Yg6rqW@850cM`f9qp
ziF2dshHSg3RrTA7(TQ82$VQ22Kv*{ph48$@nl$d^@^tRnW1$A9o%K4hVb9Fi9;!+O
zh&H?Qt3%(gi^JoAGyPtt^ZGRe|Gj=)Gs1zw)+6~c6UAZ)e$<|0Ee8^)1ByFNd=P+h
zVcs!fzos-_8avYsm1ZphJnE24n?REJEqanG);I#e86aK-#6%IQM|n<WYmy<-)k&u_
zolZMSb_??uZvL8d=eE8{MsEUK6D7Ptx_gp0mZu@zhgl>KPz33ko$ERQ`5+xb&s(T6
ztdmP}ln@v*nw7*<ktd*}+Gve|uVPLp91ho)ijirxfMeH_2YAd7U5&@WH>~OK$hFAS
zaP8k?HFZqD1N*xAmgpkux(bQy(NiWpJQ_DB`ukr#zWos7w|UJ<6Z7QClyXr*RW}!1
zFqFl@<jj}WP1o;+N$Di#i)GFd<OU|R$1$>Dnl=O);<*EF3z@c+k)PU$dUDajBjlpr
z$2?70WHDqUiN%74XzT?7gWRD)d34>U+Lw^OWqbl=IG#qL!=usOo@0D*qwF<6UDbwD
z9xtN=*e*RO{ozqxcPVp`IrOlFL}<Cyr6!tMZH(EkMDU_*#n_#SQrb7MQ_gX_Fo|a-
z8lXXoas6v?Q4S`DT7`-4!cR&c+F`?o=GY3}ou6WbOoO|g3n#n0XEkiasVOm<H#$wg
zzyWC_=rW&+Y^BTe07N(zPh7DG>@h|wb^;<)=QDte)W3qQCP$TapkvW8)&)X<zXjw2
z!|Sw3&3>p+MGvaQV%LRa8bt>Nw+3Ibt2V0(7PW5G1OO50;3x!BM+qnzG@~etwS&e0
zLStOBPPA5mKDaW%+9}~e>dl23%Bd_e^V!@xlLGC;4^Iua0|IVTIQ`?7Q`bi7>Z~n_
zL+n<1=^B!%tr!`b$ABla<R)1QO4JHeY-=EeAP9l2qYls9A>gEUB_$(iw&j!J)f)L;
zt<h+2LulB~ZV?|@dIBoWE}+R`KL3fYxV_iD#^6J33~ty4SXq9oos%GSDMQIk$G#l&
zu*pG3-H0!Ej@buLXB_HCC^lWQK^*$lk~usaIu>PEJqU2K6&c?D^qnKG8<pJdp{Is-
zI688=p|vP4tupa^33B7Nl1#f@$?~oeoTe7b15J|Pva$(h)r2(TNU(+Stl;A7WjP#|
zbbPptj%!r-vLNQ4`(<>GQu&}Ndc@L<g>Y`PI|jq9h8vK$u9{(2!(%A4_2%^B`7iIu
z<=g-B>HPBT*@;DHqV+UirN{9c3KU@`xUu|#OmD;F5%Q$ecWf>;fI-8HG$Gghpg#_7
z15!c3H}3IV5Nf&C0*I-7Q)Gnwt)P%e1+5s)Q$`4=wNUzr&Mao(GSQj=&rx~E80eyI
z=?A2z9Rf&4P|w4Te6~hdF(W&}))+4Up-V<1jdjFVjO+qhI0t<JV!ITrx41CX&;q%q
z^R9D<Ag>WdQ_00iAt@4@vJjy08<wx!^o?a1js2Nr#(8*PoQTF2-FhCrR|{@pa7v~l
zQ56H@jkL?7s~Zq0w5Q5S18|0Ed4i3BLdhSf&oLGu_dr$51oZ#8Uuu`yCInsVDp?z}
zt?8cK3|NyTPrJQM^<9@NUL9DZ4~P9Nc`6UgtHCPLNjQhTV5f)u(FQBEBNm&|OvXA<
z7V0g_7a@GRga3m;{I{qe<BhB8yBNg+_;7fQ>a{GOz4DGaX?W(9oGws8U0tgKB35b4
zX_8y95u8vOrAp~J&}<pRTYnGQ+m%JQR8(V{u-kmP2Mv8u!sZuKXr)71!=M1q83XtD
zHTwXKJ2ld16;P~0)RD<Vnt^<(mK;N!V34~I1C8uu-_F;p3&_U3u9Af#5Qd?sP7y~i
zLQLYC!ZTKd^K~8^g7d)3`0m2;NF9Jqc7OTsVNYidj?@UqZfT9*EA2$UxEx^8s^!2O
z#9V0jbex2*3H7jdq&*;-EulZj^)Ov)2BjI%hG=VtC3Fbs2ZI4j4XX$s(*b@Xx4%pJ
z!316e61`uco^3`pNQX$+b-5C1pP^nVvabY>0R~GNju#j^Oqq33i;*+SYVM|9)`9QY
z7^t(M35=(c<FJ415SW&0Q`0y<{}n<s9H(qR{sN_zSiY|>pF=5t2xA#V8zKZ{SR%L5
zER<YCeh0}X<xl$>9Y&w&J@gYnt2&40QW$`KM#E+KYPC_tLdrCxy`YM_)*y-xTKG09
z{W(gcF<65@7$rKB|6$BE5fM{rQ5+@mV9$=zmzxZ9RF15Mih-w9>SUf6@RJSqHj$m`
zniFS5d2%f@+&SR<UURA_=#s^;(aoYrR?}z2s*-Z0SKkK47!IIyH=De(F42S>>!WrL
zgNadR>mk0lT@>FNFgUL2E>8G*2~=TWnAA+pC|il-0~EBz)DzpOufjAaBSr?BqnJzE
zn2oDg(c4dnRn(?76jkRok;r;I$qd|{b>-cGOSRTE2w1|3YKnttiD<gwiQ89MaS3_-
ziqWJ5+R0cIx05DLwx(kU#qr2Iqudb%0J*r$X<I?bRY%1MQZ{#rN1(+UF)&_3b7}ys
zP1ctX8Z&$v%vLmtd|v(I&ZzevJ3tWK(CKYPcraJfm@Bm>`Bht3+$^rM_aD@>4gg&t
zf<H}iKC+WCwA^ZN>LJBF<7;cM7>+$p;&43PBw;!w2h0H<`ohx=CrA>pzH<~ofj3}s
zrAdO%9q4mRaQ`J`$%iGM=j1TBtuk#p0#9N$oFK8Qx(3}73Kky_+1|eYc=_KKzns7S
zSjDBsG!jT-P|qo5E<~=*Zb~p`7h~ItL}%W`<uE;+fWt{8+_jE`tS?+yde05&eKquj
ziyj_fFK#_+#A>ez^{%BCn6-v^GG(C5>^vpC;pAvrFt4?Yv{c=#A#K8JeYaja7PJf1
z!pG5SdKy--gZu`^^<X>m<R8PM<A&|4Sz8tzv1kL+0#IpoZF6z#qgQ@2I$lxkhOhr;
zcywrndggkyDzGvRy3G~SiGn7!rGym&65~q?bd2?BOfx>`EOG;Y<{4wANP|+)OxvC&
z&*2zNo^Nkcb)Mh8`{2}!s~ZAk2_#?-vM-r*TqgIZ0Z|EA*JS|rs{!jM(n6K0=Kc1q
zYd!4a{r*^Hh?nkzGW?_z`u<DIpw^%pcQW)vha4Vmik;KiydxnwGGilBV(5#~JUpCK
zLgs9BGoV>kFEiCAVg{+acCunVC*ScT&*&OVAgPcXE7RJ6_+IuyRF^K!z9Sq`W@XEw
znpS<on1`dm#(P;_8bifaB2lB)vYG?mZ71VPCJ)Oq-P<OFf>CZz74J%mAw)yGeys$j
z*RRQETn=q}Mdl0EB_k@MIS!h1%>GLjuL8N$>W@fyC=ad&U#^E=?D8J$mF_?tkOcX{
z)#9VC)iE<>?9Ue>%V|t#kuNPP_48gSU836ue6~$aES*o-74vSyA|RPjH-#R%sz;XO
z8c4t9*h(!h$eu0S(_B{#wCY&pKToqFv2G-3h5sj;k>2xeF1mKvyT6KAb^Ln<gR^za
z?($QMJa35d1N?~h8#g?yugXJ*4Q0@}AgZGi|Lcs}IX`8OUFgyHnYWF(GX-1{t*K8-
z#2RZ3H_nb-9LF9SPST7gIiV&q+2kd6xYon~;R`(a2uOvs)loWdgYj!xrB>w7quP-S
z-`AZ;Lg%@bc8q7<P->lIiN$dd6iXNOUZP}>B^~y+f?v}ZTm(2IC{LheW1#yqQJWPq
zrenrSF9C)N1ifw+_BSeL+vLwOmfB2$XTY&Jjcr7pHL>duN{RXJrIM}Vq15<+ECTy2
zqspqWdo;`o9saWtkp=>;0mklrel_q-Q5lR-&D)+IJZ(gKOfg}2pGdw+V?;kI6TodK
zB9ilfoSSTKryayBRU3g%eTxY(2=$~3J7Oi3eVrEPg5|l%DO&3<6XnP}))D6V3xK+W
zATR(GHXP9x0CCvc<ZihT5t-&96|q>XKcwoIo?0u0oZ60j^&)Knf48ZM0|+*15!K@?
zLNWYIgjXyhKNd5x8===ii!})L4Ym-eq)46=EZPe!9*7Iwrdz=-tT42$7rLkza_jL*
zWrV?Y&CM+~Pd>bPFPnyZ1C;-RAc{=6%FwLfaVbstRxlj)2YV&~YKu5kAhOaOm_v4B
zeLFYkaip)YUGe|m{7x|DiCZu!BhUcVj%ktr9v1#2=18>yow0SJv_S)bX)M>~a@;VY
zfi@se23x40{5s$Vr9{!07fFcbSf1kv80a2}$oPVTlR^*7yrxk`u31*1xqR*;d?$`4
z7K^{`zUuc6dwW3Ek)@b+OfS6+wAf7}dsizhp^noa7-D78`g4v}sb4YN6J82br*5u$
z8FX_e@RYt9X~w!T7b%JPoQ3N!R{FV<Ofi^vYEXkoe{T;%MUjh?N`#4`gKWmSUg$^y
zfN4O@3Rw4PHMWE&Ev}kGl%7f*YRV!6v4b(1%0kVMd^{O4r%6P!$oZiJX`NwIu;$2F
zkr)q7Wm;%Fv%cO)+$6C;ZcWRY-MUYccMHF&!NJ0q8CZa!lGAcGDp8v;oxB3zvj|c_
zV7zAceC<nvqfxng?(RTzpP6VS`d2MT#pME`4;1ZI>y(Ha1fsX`dupZE1j}}|1R!ab
z$4bdqRxxC9X;s?$PsUh)DlnfF-PW<FpsZq26y6mp`mMyg32R>Y*f1Z0=!4K+<`i3D
z2^>to<@Dm{kedfhMQa;XWQK}M8?HT?w)ZVHDI+J!=*ge8wvE|U+#YlbeS;c;(Qn+^
z2%n_MZb8OuODa@f0Ypdu`{q)2lM9PZWuAgMmT}C&9H4|C;=`<uFR1F^xQFZWv%9TQ
z2bsp=rUZ`rTOo4V5b>+W9pu0z%K#NciNw{nrFBs73?MH<4iZCauFk+0&S-FaXt{f(
zAc?(qWjTD8)YvFHi@>ReqtWG13-6E?AS5{JPK_=log#YCqwktyZ8gb@uxLscw~hPq
zl%u|083Nq6o-t}cY*k|ejizWWI#x4A({uv$081l9K+d&0R$nCvWEgPTKun%NhBa!6
zfVFAbDcdljJ=3*2;I!$HIAg9C;`!hXt13;FZI{J>a4r>&2eoQuk|m+y)mC@3Iu20S
zNC&2ahZk$KD`vy8Ok}0^S*?nm80I}_-{dA)(^xC3Ym1QA+Hs^qnw^#_TtisT_#o*2
zr?XCNm4aNppo0OC&=~y!5i9IOo#yKJZDoF`NiMCdEkZFfD{cjHm8bBZFSN*)?uOR0
z+I~h96fMS9NkOU5^TgzxIU!hfg8*1e-HwaW;fuQpfjPK;ScC{jDCBhKEvdMW1*SJ~
zUkMff%}^xOFiUGcU$T{32ej_7ab~^Ima2YLBm`Y+GPgo;Ke%<dWI0xK!2>b~Zf%UI
zxMt=ecGO0obvC#~!WPG_#jxS|H?e+T1d@&wNS*RdX)`HxYy(D{+lW9Vb5zAlV>8lu
zLn4kkXq67YxDv;edisW?l>uKSINfG@+B1soSS+@N0m2lhhn`01Om-SB!%l2_&2<1n
zjk+C9)PSZ0MZ*79lo?sIl16w)Q1DcI-7a<|8>VFQx|x0QSu&GlP^NugDVowKct7Lf
z;iHX<xzL$OHptUmr}x5Yn6!+OLKUtmo?s+K>ylYU=3DD-Fw)9Vd0cJAUEa_?G<7wF
z`CW%oSyaBdg*ImqOKs(%rP`KO8(I%eqf5}s%D{}W2B!{C#~^bUZa+8-dPD<=cZjRB
z_JdK-`@bvNi-{W7&Fxnsn*q69iH?9nCupQ~EfGhp<9~uQC}aa&or|h850-U-Aa^qj
z>CsgjsEcdVMXsjA5>ibTgBVRq^3Vl}jJ-yqs}+!RYz&AW*R1@yq4w6X44tGj9iRzU
zRDimRP*hr~Mhq$(|J0scUkPtCYKo_tojM8kpu1J-Pmx?K7A2s{z!%44FzlBGr;QN%
zt+ByPdkLD#!Nc99amo|c1`5B)Xz4W45BjEp&(wxw)+0wNaZko*RR(bKIf<CWdMOWF
z6IbwPsyr2rlZc2}Ft6%qLa2cfXrM!yuI$0k)ABnQ9#t_LT>FF-aS&;mYfpixpO@Iw
zKGmZyqTfIx`WajBf4}+pCkMNa;ukX^Vn&mPHNMT(x;AVBrQR}1U}=kNLf|5`Wj4z@
z;OpENj>|i+u^K@M)nX1ZV2P;R#-JcFD3L=d!ZgiU60S*9=)?e^cd&d^Uder8QW9zf
z$4o5;T|h^Nh3ipBT|xzt#OOk&PoQ{!PZ-!ywe?UgF%(J2vP2h8UfUPsipDX6JX<%F
zX4m}#DGnBG(J<~argX4TfAI5nt+gL2wpUFU^v3vBlN=2Ct#KP$$&ccY{nAiNO`NGI
z>xLR;RiD=Y?Pb1;9;mNBX3#sT;-HpBqI#{(ib>3N<Qs24sKnb>qKX~+dg(S*2NKhA
zm<FD=z_V~rl@@v%szav{wq>39d@}CE(&#o9nG)HGTyzb><(YF<W;DDi-3DNuz&m2M
z-_sc~7&y+5{<a8{O)RA!^t8%TizU|zq@(JfD-h*SqduKxEK-^rjqBws19DN;xCal0
ztJ0NTj7`&gP&piv3DVUwuO@`cz{xK}S7`}KqV>L(iJe}ak=YvVK3uL77qU2FG0Pcd
zSend2@L`7{xn>!hrD}T;gK9p9We*x4=2450u-hDidmtfS9$<1jpzf_$)-AiU04Hk2
zY#rV%wa-G@gO(-HiHx~>j*od)gKZ%6ok`DXS-2%dTh^4OX;4kXz^0?_Y<&WaY6z>n
zeG6s)hJgAqp|)WN+UwWo;d}kM8jpZl4c>~9>BIu2P`25K-LEM{=0aQ5Xv%JLmPm{a
zdUJ7ZeAm^YRcMSu{nfsTkroDg72du_3RQ=cDvz30nNFpNM&B3Uy??whgWj)}RUh4a
zRpk+~Q5@N_jG9CIVpF`mgi^5a96IuWD{(+%S92X1t}&}H2*(ieshzE7N_+o!SkFE=
zEdw4LhYO<Vo5GeNu~lEo92Jn`coJC|jG*n(saxkVvujRm8V%HDFrX^Z2I!g8Aj?jD
zrNUmXB>Y=L3pWw|9=xXpV5G2G;y4U)5sMkz5~vG@Kq*tS1t9>DsVrr3N|O@e0q|>d
zXl_6*+1!@;SLAP6D!q#S>d;|(ZF@m)`gm>HKy<o1;4vp37i|-^G0+FC*1En1`2OSR
zg)OTGNH=(leTxP5kB;ny+j=Wof-joT*Pk2v%M)m<_t)K5{o~#qM)_cvr8NX5>#9Pj
zzLYGNWO_q+eh&WQGQ?$CX8P$)_Q8i0#sw1QrI5@vVofQ=q37&_BfHwza$TBPyF8sI
zDpAUTU8OBX;^UxKn!G6Zs4<%uA`n_)1)4}x#v0jy%&PX)s743u6UM=&r$s*p7Xm{J
zcBivKu4m$Qx<`b@Q_x}+OtEQV!Bl5;>q^JFK}GIRGF20s5_ZeNB1hbj&M!%b`TG#x
zuwme^J5Iw$ARzMKvxOQ;IyOYlg_E=Khjk;2@n%02x($S*s_}Q{BC{|+T^R9RM@Rm+
z_(kPd_RA3GGK{)%jF5%vxhk!c>hh!3kYd2<d{Y$+-l0uPGc>>#e7&#1*KN$1c<9kJ
z9ee6jeO<5hAJ*|b)!Si{MpwZZEn*3a*^1>^8RDTf9RZ2!&*~>S1Z<j?e)|etN285q
z9E%=kvVfeKIWSmSUbaRM*9&Xb)ps;D*`|**eqO(>FDY2=PhP(!DV}yktJqBoUjf~&
z_I5|@!Y!GxoObkesR41T8@>D+jIMNZ9>8k{`i(A#1qZLN(tcM8k?eH<;d{BBWjw;9
zCgZ^^JHJOyr2*#v+w7_~4_-O?mcGGz9V*EUBwznoAGUsQRPiLDK!-pd_0()<#M;5t
zsTBReTx{3Bp_(mMF(4P2h|r~_V|h)b<BkbOHT=;IsOI^&B@%dmO%yS%wkn!w#~JHZ
zVQGsUt6#G6#!yTOx<GeKa7cE++g5H)mthL~o;EfN)KkHr`P|h}dr{R*!rO7sH#fz%
z#zKFz33;FvzLe8!!SbIFgn3t|rj;oJmB^=GQl(>v%-{?3eUtI}IvMXx1xRK|lSl_X
zeNNa7(5Ejen#wYte2Zy8{YRH78u#~{NKA2S$)X*nFWnxu7x;E>Zq=B&`O>1eSGk|%
zy7}%RBuH+mq35`a_{u=1b#0V`jvGOPzO)C(m(-3n6MkE?h9{sOR*9>alPOEC>r$kh
zyRQN~9$H#I@lLE%D%$DgSyvGzKY0yW-%tQ2%pwU**&+=NUjy1_Xp&!FVC-t|3VqkH
zNSF&DnTUu<du)8&9{u6?E~ZU%WY%ZRyQ_6O?w*dWX;Bk(bz@y@%4o3HGy`>^hBs!?
zT`a(VNo?(eeI?A{p*<@AnEla7{WC6OFmxLo5`z@L`wrEqOwB$6fq@mZbYx1$xoJx3
zHVqqGtWtR!`}$collq>Wyf1Mb4qAoHrkp8F#?xVdb~xl@1KXo7SsJ>`#YoDo(-y@E
z8w_tc==&bv{<ysZgng+bPq)?&==(aN`q~loJ&$vsnzF_oOW0Y1rlzB9Z6VY|Bp5ye
zYzqU8?1X*yu#bEAf#sykjm(81;vxYY=@?QE4V0R}6SQ;oCG7*7%!H+JzT{A759%^V
z8Bfc2I|z7K<>|DHt%IIC)3f`7i38+JKAoS{f=jFA5$rkiH7*U0Hv5=2Mk-c!IDpKX
zYZ@c{vm57o75cpjRCS4wFs-D|Ram6$#CO9q*xv_Za4w6A#5`n)WX8{Fs{m*NtzA*y
z>)-^9Yy`7zDT$}8$2vE&3ahKf;9JM|c(SQdn=PbiG=|oqJKAV!l3&^?5gdDpgU81k
zWN2LiN=F}?MfR=E(bv^EFyysTn$Za^K@<>5rYk3}8;$+Ih^j)5wG|m7)~|@m6|t0o
z;XhuRe1e*}-;UmwRP_cMRs{t4N=&nl_<ndinOF(Ow?an0ho|I3`@>Jj+uKw~7BziZ
z;N_^vqGl;dZdpGmSV%zo!y(j6%X>m#O&L^X1JbZSxDGFyXa~2c0_$IEh|DlQp?j0@
zoVgLBAbD1!{b2ZJbS+LiYi*U_cAN%(#;K?EM+3Dsf$H~{Bwk+%k$-PTWJ&@DuV0(Z
z@s-AUhm9yJR9ZxgfF@nXx(Wx?2F{qA=ZBrjc2<CWM_h&(OKB3W$&BSUj3rgeY1<jG
z^0}cLo&wCVE5Edu$F$j7=P0*mNxlxXey>&(qZui}6XFINn3;HTgyUMBQb6RaDtu5b
z1S7g2(OyS$D+;aD`jUbxeZb8tHAC@agU4<TcGI9|L6b48*-HNgR~e|LViQnE9Ta(}
z@~a_~LF|G{zE2PxME}9^FxY$Wd4#y$O@6O7RbCMXc*l}*nX^;|wy_Odxg>>d{+P`z
zacP^0afFC=5GN|XquREjxuR|#U58J#8GNWxNDSpxW0VFjxf6+FAv$Lza0E{XCG$eV
zZ6a37>(}I`mT`B8o3<xi_qCgo<N&jpfs|qqrc{y{E3<Tnk{3+SB}g-|PC&8Jyw2Fu
zu`}AFtR2D_xBY;s5)EU(LvTwR53y1bmg2^V+{d8xCUu#39^y$=v2;_ZHtDZNF34xX
zZaSo;Vu?BjrC%9?bb#6_+Tudr>Z7&N8=w>{+yWX)F#c-S;Z)`sPrqQ1mO4^}*;`xr
zodX<1%&%Cy#^`|(a=aGS|A8^`xtiCbB!#aO2G%?3b-Ud`Z_w)v2cvpn(C!nRt#Ylp
ziMTQKcHyi6#|N)u(|^;=M3I+9op}KXMLISCkCmtJHrZOoTYUj(Rn3|k<n*WWG8o15
z>M6`mHVN}J<ptjPRyHA3eA6v;C7};DJP()XbyV$shb3IgQnT>Rz6l~niwRFm?Fa{d
zV+lEhSd#@~7_;_cfN1j-108?^qyNMy5Bn-#a@kdnW3k&Vm)(+18)kRpNhXd4Tk25i
zWIb2NI)&6VhaUOX<2u@G)<jNPhCH>TCA#{!IXj+)h6-4vt<qDW`3QWW4pAds1rl5x
zj11Gcr#P*>=Z?|cf!G1rfRx#O(3u9^(TnS;l^zWZMz}9(<k6vP+z~~NY@!88NCyj_
ziUR8g<xUd6FH-5z#0pfyM)qjcO|B!J)y*r*wUybe(5){F?s)T=JJ;!YWww}x9+$e@
zyV{nS&@x?%6HxmJH@FcE9#6&=T;>iap>GwKTB&`-Z*=NZ1sl+;=?1y-6a#ruWZgO`
z-i1$)#S8($5jc^2gp6BAo43FlXr#b4WF_3k$*e1tLO0;~U8P!q(Wte1wNE~4xRY7o
z=PVrcj`y%(i!h-i43q1n%Qfn>VRuB3{NkJY0t^3>pwV|Urb$?aVMr6X4Uh^cmaS3?
z@LojhLO4|sePQ|$-qU(Mos4nS3Cg&V{P^+X#le8=(j?j^vo*2d!24uzd2wnH<2^6q
z;U*S7g$?5Q8p;5^ha&8n0m4Q$xT<$4{jrNvyxE1{tHT#p#M6oOr2D#HHAHQxU6sJ=
z8rhMwVM!Wc6DpZFSZ|Qkt0Sr{cCuEp+{AfAi`4(a<atxfzWJ17ATNJW!s{0#K2tYm
zzFsQ-!CG0ph+c<0RT;e}g3O%j^mLm=Ei75VOT9wFUW?t>oJUXMTDr$;Hm-b~3XtP$
z7Tbl0-q;+rIv?`IWIenq4hxPvpA|4u*cHtB!Kxqkq9)iN+P-YHKS#z;2e*(W6~)wx
zst7l}p4&=~O`DFczUi2&ft=LMawFfu$}ZXZ{>}dZ1pT!>H4U>QD1$K%^9mZH>C(4Y
z{IN0hmujPum57*^(?DE{7AxI7sFW)rItgKFZv8;fMcch$`RxgjZB%{3S+?##UvD5H
za<_VI3@A06CdIz;cugcAni3kPOFCmZZpZ=y`QifA^C)cGyRA4{D~M^Xs3GDS3Z}&4
z6xwWnCLn7(s5bMhbP{%Cpxr$-vkx=d9a4od5=6oYbvUKf4a<QlNt1ACaLrhRv^oPY
zy^tj|<D$ex^o2z<MGfnP-&Nm@IAypQrn1Hrlx~DYGIgKOWx*3H>rxI1A&Yzwi`t2u
zIhzKXBx4JjfkUf;oNjaTeN*$xoB(-1hQE|H&7!OYj7T=oiYH&#it<<*r@8umCBiH6
zM<V8Ppiv)w{&-<cjOe!m<`2ba0+w7)b(G@id9$vIm0D)SDs}Uu)xxG3;@}w~nXsF(
z0>6k@YyoG~1^*NAqQmXN{|CNE0J0OVW5(tb(%><pEV-T@yiKnEOf6GWi=_QoP~#BM
z6PYdlgy422_Nd)`y9*jq6(7H(5+DMVe=jWDC`j)Z)uTBUL>M`e&z`Oe4CPQt+79q~
zI^<sCJE6I;EJ9(5%4ia`C}>8LT;puy^a?EGp}OjbC3Vd*XJmQ^4k*#S^Ss(Qj-YY0
znl{JPYL)Cz9f2#<Ty7}l{g<?o&@dBHqUpM{f9n}!P(=7ttY)wo){U+Xj}9Q%Ct8TC
zL!z)e46s)-BXx#R$b84vmux;Y>jO-T5_MH#hL7{GfhyGthMi6qfvI$4MwxzxWf+*t
zh`}%{VixF^Zk9YZ^}!rI#}mU&Z9fCmj}}riH#^bB=8Tbug)!AgrD0~PT#0NQkneQ;
zbEk@7H7pvDm26M_PRAIa>N7HD6${cTPSWHQc8<VVm~(b`qR({MAjGU${0lRJUZ;a-
zuy{z-*@#LMSmW=U!lRmK^@8Cz7)^uD_n7R(OI&b~K=t>1v`XT7Ed>-Op}D0e_@fi^
z8o(e_%eT`;8BHBwp0R4YIGQ^<pTQ{D9(U-NHTPV*D7DkQaf+699N;Bb9-OBlgcp}>
zw9vJhnk2>J<2HKOC2tU(Zjq(oRNbyzgd&C`QRW%Sve(1=^*X9DpDsC9%=m<Sp0*@H
z0tTI~Rill^k|=pYDcA<<+`^Z42>FYKVb(mUJx$RamM-0^2G-jvCpEmsr25Cl$Aj9W
z)FoC&S>M`PJUYzBVrp6xTDYY^naY6-?l+Lps5X!fEGJWSYTiQaPs7YDaP=kl`E=TZ
z2Kz1X;PrBLx=@E#6uF_Nh(4s5jX|7DGcjWl(#mHHcMMXJ5MZdUv4uu*T28Njzv&&0
zYtyURME`&G{=K=4-0ByF^EW;PN`BvC$q&1A@nsx6nW@sqo*C_UY;DV)sT@5n6J&#A
zN6iM)Xi8?HeD_mW7XW=BMay=QUA2{}j7g%=3%7-J{VgoB7@TWhu53adL>u?u^WJ?(
z@8<H#XOUd%Ncp{|I`5wj(#KEJgMrM;1n{9~7keoiY!VZdgO}i}?i8jY2m{AkfFH96
zgeCvrt4tR%Nfyg$s^$Oh?aNm$PcB{#X=U)BAT4%Wx#?+Da&{aMD@p>`Zf0&uD7nlI
zZ^!r;)wY*g;GGZ<G#)aHt7SZ)*boVuymu-*AA9<_o8qunu1h$_g{yw|=2?Fy68UCP
z=kxsUF?K3O70@Q9Z4KcUC_>qV<HXl)O;l0OFn`Ya$p{`A&bJRH`Y=k~ewPmp|M+~3
zg|KJ1&!0Z)1qeta<+nH?3$PM7{~L_Qa3GiL<Tg@esQsYX5(Egio!Ht1z6IChSV+GR
z*GFliR86L@bzv5HIsHgPKCr9OF}-AEmKFKk!fnQbf8yC14!+-x(mVJkdm94ZL7=|Q
zu>iT(H{j6va$_@NG9hFlf1`-~8lVrtB)MDG6uF-%yU?H)%hR(o4B#*xz#8{X-vFL}
zx7T7}jE@#!7r<WoUuM*f9kvkxjqS50)3KL;r$oSOedDW;M#sfF6$2h;&&eS}^8wTI
zxH%zfYCrX^=+U|fX@(4eNK6L`lB$5==k+Wv<#3Xhs`v;AIWt`>7>*POYfRJ{WUoHL
zo*b}xPT{5F94E><x9xI-TRdEOBQ)JF7jA~0r-x}<Fkrh(qrN5<D}`0>&UM;1|EME^
zXP{b^oRbJxZVQw7YRsra`J$u?@KBBlEs_Wl?yqJ<zM8SluNh|2b=9Z5vg@G{vZT0d
zZIp7kFqu<l&H{{ER8gDiM#9SSd=47VGBEdzS|OG-S-$=3yQ5hHK5PRCmqwkLQd8|^
zMlklvC1mIY+LAcw$UTuWRb`3OEV2lP5fq!;B1ozu!`+L=WV#)8NC2FEiy%`$(HX6P
z(NgpfTMlwt=VSK*h*`$co0yXBbmK}$Uu+XWq#H5zz0B<=!w{dW8v%DKjno*jSV?A*
zSP|YHlibga(6@|b{z6XxN5JVgYglAMBNj4(^~zzRxo%q}&bR5Q)6cMDr5i>I<WC^m
zZ^-GB=_G)RGgCNX3t0OK<;*DM=2^zcZwLn)>ziQ^Zm*@p82Ta?LQ5Nx8wi9*B8Vys
ze2U&I#8?HR@Ip=TtlBXH>IK(;yO|SjJoG}aHypvw?ZAchuh(k6AYl=rvgKU;6^bcW
zb*$Lp8{rvFuETs~Gr?-DIEJ~p(jFq(eOIdMd<q=LPkpZoK9Q#wRsf|U5b18ds8=uY
ziYrH=uVlZTFGz<0|Juhzr6>8Pp|9dhY+`LRd*@Dt&N>0+)-C9J0@TNjC@dhV4ovX^
zL|_^&Q7oI=4b%6frv2a))N68&zTv#G2FmYne`%|I$cuvUI*r^7m?bwLN@u=9$BgUt
z+_)=}<KxjNn_&8Hb1I^u%&;r54z35I{?S)=0N@zHnhE?m=IQUxUdY3PgBa?;#&`Qj
z&(w8pDz9h!me&ZsHl1R!7kv>2IbviL;9p~MekXrDWX}gEJny;i3<Xw`OB_Tm@4N2Y
zNGI{^dA~H9y}$onLV0d?PhV>|w*E~%Tm~m>7mBv)nxJ8J%w)2&=Zh?GG4njsn)d}!
zdc`7;;G0{qm412yfuv}d|1*NOqAuw83xp@pvD|=9n1DUN+b|q?K9V>T{E)j~Qz&^_
zhI=A$w+H+dc{wo)uVW&pjU2|IB*V{@Q4vAb$iwu>y=2*E=@B0ahEES!kr2Fuq2C;B
zeVr@W8Zm${Ml*WU+WRj|3}zV1vuwKL%bhG<-c~PUoFSDgDxEOE%}UJ+Z%;Ykd(F+;
zPtm-!bN!>J^79x=KvE3z*?H)4!^Xe~_&8nW5WUfi&7kT;4cK&8rC%Y|7C2QS=t0hP
zJ%h4<A#Zs&QZ^qaR9Hb$j5_#C@U8=+JnXL?T811-&1G3BI0Dm+^ru=^Q02foVUTuY
zVG1fho5`A<k-=1YqAPH50N2LHQCKWDP7m*sBM*i38Ee*ODeVvUpqD(~@RFVcx8D?q
zWbRcRTVP1w=uuVpec!Fy{1iN>+Rg#2u|QDIQ8jYVA6lh&7+)*EnL*|QRL^R5>+UK4
z#`T_XzLcYLh2X}xRlG|ts#jO(>9SB&XBd|6m1rvZ5@T4J1C6k*j2hQ@BYJ|e8{CQ<
zq(@IW0k={A8xAPL5dj)cZiA~f6lxNQ*Uw0Fb<!Qw>+9KOyh9jxDei~}dK&Mw$%YNx
z5szRpsO}{vvzSR|Rry65DvcxvfVnP{C-;RjT5)6UUZN{06|pbV2_4}nC$udvtW2t^
zQotr=#@67$LUb~`dg=D(F#l@F$-7#OXK8=Q2*UWKP|6mF118~vY79i!pfE83J}eJ)
zNzx-BXtD+EUS@*f9maBD7Rw@_n;`E}i~QrV%2DFB`8;=<o}=zUaXL@82=FvKW~Vim
zG^vR5o!7P%21Vm>9clEz7fvk|TzIIJ+66HosrUo^L7d%BC;!`~^Xw1b=<nd*;NaPl
zC-C2cgM-$851)MZ`0*bOpFDef^yJCmv%@EUI5<3f{P^)7<iWQhDE?bIdF~GfU;M82
z;QkN!dmw*ucL9b|o!Bd#$^X677DeD)w=wpFc%khgCs#_H*M%OSu_(7_)yJ}3sL#&l
z05NMug`N{A=>w|F0a1ExKb8>I?9}#2rERcc`RcrYRtGt2Y^f3=GKN(ebZm&&RG<-b
z`}Tc~G`eRTH!Rr!FBZz$8&gqS1(HE;$NXqY|Dx#eLQiT4+c?L9&bq9B!-yi#36$_D
zkUWG?i5ja!sJX_1_f3FpKxy<Z#xLRMMuq0u?>sG3P9=~1giTdmrb75ppZ|7h<t01&
zvEMA%^EjIbpU$nI7A?4{5#}U;oi}8x?N8L-_Up<lot!i?#;rvAb2E7e{KO9yJdUwW
zNbgS;*EXp%7^1So&1J$f$qBl4Zy=f>$Y4kut+0L^>|Gv-b;1x8jjgoRWu3~4oJCBC
ztQrb1;`#N@t-Pu7y4EFWEmu^oA>cg{8fgA^u3GJGHMH3l8Fcs1HagUw7LeRD@a4lw
z4H>o7Lw6+3e>=r^jZpAO)iq#fyLTpkic6aOkc6}>_Y0!x=Vhip{owTGiEz8swaglu
zNe(B*;N8Q)c)mUa0Jrf@X#n*Pgs&4sJD)B{q-<hLOwPg3?K7MTcd=NCPod3pEW~g)
z6mH{;>w<Uu;(9E5JA=leQR|0cv#F9|;8fTbJJAyq75w4D!tjC>7<HwkU82X1h=Ah(
zrvXaO2Tw6gJ(12%Vh!S?`ER-HSR@YSL2!DbjLj>H%#BKMv-Pnps<pi0{^<dRPWB1*
zZaJ+}+rg{hwqjM8ibnGisuHrqe~gx=9qQEWAj~C>MENMrD%o*6dt$0lo@Kf`rW%KZ
zF@(zyphiicZ+CpmEx1AF)jP0FCuUh@IDao0wInJp9_McKNy0(5Aum1pMFhnc71pfN
zq|)9vgti6+Wm%)zZ!?w2k^qo>l}MJ|eUU(41-d)40xIOzPRFWk0K3d>TSFopDsSjY
z6!~yjnp!a66XY-`o5vW6?vWUi3__*14ggMtK=XkvffmeUBq6{qeaRVC6mzioX1+3-
zxa=RhH}~B$L&V1_?r*U1xC<o9cpFW;hlh5@$ker&(;4~4Kim~!D!CpLg%v@tNOH4o
zP9ry4-@-O`AFk-0O#b;#ktB&wi=1MMj^*{CxXR1yxXmNxx>k+>9SaF}z_I+tKY|H$
z2SSOPuX(NJdPk=6pZ}ysz>L=Sod3}`kJ2pM3#HuQkcOEtS3Ae?2Jil!Ak$2+PQ=bJ
z?dJr3W2JQfpX_ox21P|k!f(U({o@~r&kIB%-2`CphNJRUmKX{kpE!zLb6sXIqrguB
zD<(?}XzmhYYA}?iYw~FGH6&Yj%Lzzp<9exzcGFazK+P0-4`Pbb{0t~7biTB;sPwf)
zvuWKZpdT4kdd>{Q{})<a6BXjlgoV~%FHtg%5f!L>l_^CeU2&Yzorjbpy~hW8Ecw5s
zd`Z{|+|dr*f01b3hy3%u%!n>Q&bl1Ny$q45@&sX*KD`-r1hB=xO(j?Zr%Co~Aif-r
zxuB-}>E!Iy%NNJ2SS%nqZihm|lGi7{zQoJ2Me`19EI6x<{A2fj>1gYRVVhutaGIuA
zYeBd#=X1ol$88L*R^xPj5O|dw-r4sMVq$U&nhZvuw>1}>ToR#%jt4fUJC!dqmREOI
z5R7x!l863kMsf>MVDq8fFj_%T8^i~4x7ulpyl>?cjwRW05G*Sa+T3d!_ZsiM7e6K=
zHNN7c_;ReRM}>A;C5nKJkXXoUj0@unanUG~AF8&UIW-yKNtbgqz`BFf6?6lpLrP};
zD;Q;zN6W7bh$RD=net&ByuVNiKSV&+Mh?%)ygp@b{m>2spBvCFsXrKxl^>x>(?>A6
zwI7s|yv*$^6(Vv+l4yYOglN`l)N03kNEDx0o(h_g6$T-G-7L(MjoB2JKPIt-{bn$1
zisPXC12pR?VdsW2G+f)|f=pi4O;8kRkMMTUqWDRO3kHg)2x4u>S==PQo>gW!o%wlB
z-CCm~F{&Ry7y0)Hch)w0lAp_x;MbZx5v7#aNM1_iFXqNE{Q+y6DB<E25gQ_?-fIXF
z#nS`MRCwsLQg-&rn8lB3eD!8Bfg-cuBP%dFi?jS9iL*A|G7kbIc6qJK8cTiYPdUZ6
zVrPga=ibQt+}%6?&I^V{A860_2kx{^Z3>Is(>Xhm^SoTvV30qfQd`kD;q6OEi)s$i
zOePpg4WU^BNj1A@0!6DlYGDvWjS709^t>$jbVVkk#@;X$HHs%I-ritoc6u0YS*KZ>
zGKKJ;!fDRsiYLRVn3KHB2BNEIq8W#zf2>r~wCDu;S<@g!<=C1m8u?i;r(w{Q5GMgm
z8Bh9A`g{<J?|B^S=1nI@>GKde6WI(zh~5J$o=>573<3js(NNFf1Kv1772z;QSgUId
z+h;D7O>!$M6%6+7in^(CpO>8q@fWDuwgMv%Z9}T}&f_?~EAE*Dl*6N^-#tymyT$}i
z7AGp@>wAL#^McOP$CT7UCQqD$nOZD#i9pfrvtJRvy=IiU>Es?iJELVS*jhyXP^dE}
zvwQ-+(%QF;%89c%46hTY?m~?OmN99$iYHVq%291iv1E+CIvPdZC~mC+iPUZwj2%NN
zH7_D)?DmBb8^_$`8{+yZRc2;htccT7fga)Qrl#Z@)MALTPr5TDID(>bHSc1x7H&^}
z!CcliMjD71?H6Oo)Y%7*#6Ly&NRh1vP2LTh0dzu9!A(E-V|4p3>siWQ4KWTVnqN#Z
zD^{HnOL-~Bg;o{dAajMe95^i(Dnu{|8*UR6dC>8wt*`&d5se(egxIEIU6l|_g(ULX
zy<oTq%CxayHi5l~$DL!yFR8^?Ug_0Va||lIdUp8anL5<j<3ApapFey4c>MTababd6
zPxR!E2T!x-&qfE?QTD87751YEdhqJ-@ss4$;giPzRRVjFY!V}lM}#Jc>z{K$1e}JJ
zQIzM--%Ml<Eh??D74JDR>om@=6S0l0(bgXqT#uRmFL6E!6rGD--fQn?wX@O*T@hZ5
zRRA%LC&?2MTznh<npFnAjgM)g|L^GN@zW=VZU5hs@1Fi&|KGpj&kGl(inEKwWzV<w
zL^IrT8mzm~7rIO+HhN8XM3kCLG4T^8M4z0WQNdOa499ALkpDTCcvKw2r>gNRul2ZI
zR(K<L-DYG=ZR<)cFbNt1ZRZP9Ld+OJB~Tb9jNOz{iOcrrkN5W*)n4~}IEQDv;?f=O
zFj-^++mj15zEV?7L!pSDcd!2Y#oPY|8^lQ2nV7NhLaHpo6tcDXv{7Re(}ak1cz7D@
zq%!fL^hv4an!OY9T`Le7;y*6WD-D{I&0*XR7V+mj*WwJ{@L~4>y$im5U*`V%Wf}kS
z)5-sK9Zl5V@cCBo>4)71Es!&46)6L6`09QT5TX*g&-Wm<`tk+IR;~^Ga}TVB?l%hN
z2@ktgBlt22U;6g%{Vm$fSaE}c8pQQXhw6O(XY2!d>B)9!g5kiXf3wi##Vnt=j=S9@
z%_ks;-<>4uo}iJxU1H)PZLkl!4=Vg7p>L>NGvowA20!dRXaXkT*Yv~%B1tfKF9??q
zp#p_xKI}fQ)Br;~6IEtd>w+rNP%plAP3*k!U2LdqgU|mGsw;iieGpYl^6Pb~s~T`9
zaKnzHkD(2AE*FI=HN3s)*}<7`O%iAVBy<sV{a)MD5jX`m^+GgrK&Lz_YdsBg=&B}M
z)hfxuPyFQD7ZE>n?W-&aUr?)t^~b_d&Ff&A;JG!nJ}GjnQS@MD+?j<>ymn+-Y4k+)
zmZZ~L$c*ZJ&a2PK+8*9pU192s&Lqk|7EWBi`{3Y#^-suOA>W|?xdf9D`0VJpxsK`~
zCU$HVI*X0s?mSVeq}eKoT6t<v>VKj1+>{qOunU!B@SW9lqit4N@?3(mzO;Bu{c~Aq
z(PaXsD=RH-ChFrQfyXza*FWq&;95(~AAql(cDH?JcVcdWS8A9;H{sMmOSX}ocb;Hq
z>YgW?!SVBVuP#39K0rpoPtEHhw7+PS)d1GvzDVc`zwbM;MT4rYgwjXbJBF}fxR?*S
z4;;hS<#j^eG}~e_!OQLw_(SWtL|*<3H*(P=4zKCro)jgA_ob=*r2bS_<XG#x&;5j6
zxiF&co!+w*A`H{!_!4>f=Gv{ezWK2Gz|cSGmyOa$M0flBuMoMW=jDWHv-Zg*u<D9z
z$2}co&@kbK2{!b1C+_RQkl|&PBTwSJ%|9gY1M{OFPfi`f8L6@F$Fm{A;Ni9}=PEDu
zFMfS@?#?>^PR;AZ9*S^Wm(f>clzHQhS@;%Co`4q3tHvGBYHH-^i<Z>l4rw(t$vA5X
zC&*mx20!2E(vMN@P^x67?H8j+LU$KhL&VBV7YmqD_?Wnl2x8LMZ%!VLw35U0@Voy?
z<r}EBf)X8vsrmS9EX5K%<Z(QOY?O<am-L9vya{!#>MH-VzG~!V+<2-f=`$<rKJ}Zh
z`vfYb#f4xQMIPuO8TG5KAcJmtL}95$W?46@1+Z+~0%f)2U5ik!{4ZhdMyvQyUJuAB
z{S7UE?g?G_6{3`HsGwA=(2hK*6k?JrE3l_U!HQ^TBNfr7;y4k{)}|uhD$<CAco%H=
zuHEs!OSSXL7?9-Ev3)W_siqNXIA3wV<*-dMJrP>47g}=}F-pt|s&%ycBP~0MY2{29
z4$CStAJZ3kM^YhvkdGd{%NLIx9Yf6z!snnPhdMX<K%5YOBX`QC5a(RqS!Jk|qYiqn
z9Zdo9dxAsnan0M6oy6IMNNW8ukXB#AWv?;>?^XpRI5%;y$;cO3_<XePv4<q;CQ>3g
z5TsH<@>FCP9YX$YlwTV=FDcke^%paC4_&A_w;07G>l-5*m#-Y@!rX9K)z7+mDF^Jb
zd+WZX%XIte*3r3(1_D*=$xEwispK#i+4~Z__>PTW*%5`1ov?Pf&=sn+seCsBM=|Cg
zVp3j+fv>bX2D)VSKydFfRSPL^ay#RBc6U1j?SzQ+kw&-$^yc|@>w39Jg?Lkrb+A68
zhuP|SKwiu^-Y@1kjY_Glg8&|H(Ght%H~c1n%?-!#PSD)pM23QpGld{-;Zb%SjPcNP
zjXFZGpI*sXKAjb-pv}0^Epj~uBb7Ci`bM#1X{<^NHpY+(0U;OVaz4U9%-}P-Q7b!;
zSm`cD%O3cemsTfZ<T58k;TY8@FI5B$i6A#*OL1M0S;=;RJbVJCs<dcaO|VNs4fPcG
zX1rz8Vo@1|zPzZ^d5;={?z|>|h$`Gd0XvN|*3uZt!UJAnX$m(1JUBPsNujTG(XgGe
zt1LvK98)G9O#!W$TLYiCZYub%yWCaqbnX&adyOpkDC|V|;C<+_+XcCP-Mhd&*bL!7
zr6}cZhCyjf<xh+|MTKYvRP|r*tspOTdEKMg@sve@L@oOvMW*2wp5^CdV-<EAq#a|{
z`f!i(8E~BaYrWf3C4-nf7v9^$V0~l_hFzUf$xDQ;RG1do)b-cNl~Yyg8?{P|wJb%l
zc@(S;p+_<(?8BUOzh^TdihFxOUP9Y?>X*{fTZT9RG)(-e7GigpjS3w8B%h{Z{$aQ$
zp+-G8AX|+nJs4VGlp_EX&rG33^RPnLK=YRDec^B~-c5vVFLa;Dg@wvSVHvt+C#`LW
z&OtW`OD9YviPd%Du4&mr!}t3ORnPWov)`R;qMcwe1xaJ*yI+oMo!3hY`cxr=rMo#u
zLJ$GkE~Ix$Uv9~-jrAC!Gi7I3AFZx9%q}`2%_^c7A)eHC<)cf$QOe~n!Dfe7q2r;Y
zzKJ_^hrujs2x7u=&m1z*s?8N8TR9fxV-=|bS!oQU!M=wAuVA3a?Zu6A!2S~E51af2
zBq^hc1AZ`+R9wdkb>kMN<98-8@{)=|J+vYAhI|lPy4Tl+Fa)RXo`4t=Pj8A+W@zdo
z;84JX_zn!8ijkpG$=MnrAR_{b6J^K7!5J8I1u#ER84AZI9yYK<+EE?Bk&-*<)7I$P
zuZ{fMG9O<RtDx^i5!_LSRxsa<WbF7hcb`Ez@K+4GIEocsC>SM`6#2EzMBMd2-b6P$
zR#^q3e5*sZdl{?-SR)+Xpz=I`E%lksBOzWaJtiSDp<x@aXUJ@7(dix29^;4wP*a;J
z69gL37X`$1AZjD0x(+YkP%TpiVo}3%%*$!?V3j`)mUN8uZ{BwBRckcI<Y}vx<%xZ7
zb#*Lv+=kl`QZA}|uBsI_@lJ+|{tkLx6{US_Zp?XJvgL$}@s{gZrFA2S3z~$WJTEoJ
z;#R`7gMY@m`O%~Q;mDR8wd6}Tp~(ff)O$ICw-W53D;==QF=0qSvDKnTMuoY-vYhlD
zI1Vh4_y95Tv)|;IPJG^er&=q>L^08bT?fG8Sr`7IN1!D^dLSh1N4J%FLJ`u&Jn(jp
zZV3ciAjw-uswo%dG*W&3{QM%CT6WTpmU)p`xm-xt(+fuPil)3VVWVZ46^M$Upnjxl
z9NvO3SX|&rS$U(2qB&ztlD3$*PEBf>x=j<;Pz_r{#@skF=ctOKC!f9xs1uc$V~1zu
zxOXDE`!m{K(ct)XR2D*wujqYwZFMnW8<LRmLyesV$=U2W<!ZbGf}%o5`u5nys(e^e
z<Y-$;=Lk+}N<ko`UNXuOfEJ-yB!IFKni_sxtLae0g=Q&o4ACrrWa_%PHTcD>oPeed
z5s>$GsWjCW+2{9<6u6O&;U(Qb>l?!g?J+Dh?>jf#)3+}yuXPVlh!464y9P`fNnXR2
zH8&|y3OzYLvuU(-U>{zUZrdo!d#<Al^P5`x8?xdpoxdK&z^T>^20`qhJ0P-N^N^_2
zDU2$f5+x^4%J#B_0cpR`kPl&*i`wp^zb^4GkPzg!PP+{@Pbn`OU?KM<XHQ7S2G=YF
ztepva2;m#@QYZDY448)4xR=N;bJ>R7?zZX)mznPJqq<Vw`ik4zadj3@+EO6osR-G!
zT4?EC;ID6rYSy0?#u5S$d$oP2Za8Q-f~*$?4cLh;uTzAOLC5wmE?<o&dUITk5RaTL
zcPv#=&nUwMVyjU?bF-1xj)a}f{p_HbM%YD>dq<b7^>|k1f5V`8@>dtD2q70l$8r^)
zI>;6a0#LnLMA8quE9EgUau!Z;iz2LTq@|e%L~yJ$V~#AXh74!Q%y1-Q#4}btfuiqD
zYY#Ywqh$>YdaOzTJf|_vs2`%h(eeUeyWIxGs(wJ$Aap;i%yMCcnKa0zlqH(%zM|`v
zO7+w?rn-_=PyL~#3(Y4C<+aR=#w|w*u#vM6A_W#^5I3TeN5M+$z{%aUp~kfhqJ_7%
zJ>p#NxmtPiHO>Q;qHGmvL~DwlfRJg2A)IBg67JH&T$u?gc^;%`H&1m6>i}AMD+!U~
z*WJ)p!mGz_1ChRh^ilG33eGOZ9&8k8hk(w~lZR3g*$1pscrSiC^#^ev;G^S~;X7<n
z7dH9|4y^l{SX6YBofu=p5RG*Mf}C`10pE|{j|ap8+&?Jb%l#888x9AMg^3^3A|G<r
z1|ys{$^iHjNCe=4bT?%!;J<PvMx}jqFeM1u1Cg-laFcq7vH`|A;UKGJX|Y&s1g9vM
z2q-J!?=bgkDF13kPEI$BK|tME+DmKCr3ediEDlp&Gy>0k>>jjnEeD<j%0GR5^6N{P
zGzvU91rBU&aoyHMrRfD=-sovyY|SljEmLt6sB+8f7)gV=xyq^j*j97`VGU9@(g{>x
z3-{z5v_1~Bf=mvX<vq19zI^^7y4DeeXs;BQjafqMGb)ORbu=?sN_|6ExvZQ~K`y+x
z1pxcV?iTc@6?Du?Z{P%>k5n5BCBQfUzZ)Co+q`hwQn3-l?N3N3BzA6RP$#M-2|Im>
z2b8c2Otfs2KS7opn3D%&F!GpF)NR9G8)w{z{`zR{uwqIgU5ugREX8@0?2Q&3`r^0Q
z#_N2-ZF888m3VWufX>OA+SvQ;kOKBrVyrOmqhvxOP8#Q60<XZJV*JV*HJV*v+~5{n
zp~%(h%A0XE#45K9xl|#>5415|O{teaqu{ueh5%{UDg_0XIbUoTRY0anfDNxtD=`do
zmP!jK@JKNR(QBK2+4<6f4$KDG%qcXOl1q3&g6lCNXd!jj_3kdMo-7MYH^p=6PfmEd
zJr?3oU%7WD-~z}tO1aCb7<$?;0We%bK@@!d_7zn6nY5&E1l%%|1sRg}c@g*)tD~H-
z!k8-|K_;moO&QelA!|n=)Flb{#Xxf6QBhKRJwAT^<jIra`av$1qawGnk3`b?Q6e;@
zWZDN(r_)pp{mVKOQSpTSSMxW8vUV7y!O>ged{Wp-9#s><A4tUFvTTu>x6NWs@}kz&
z$68Idc{AzPkjT0D&Fe#JHqqpSX_&wv@Fy8NUx-h2ym$yZhUn5UoH8ka?pEn#64pDg
zg6o>$C&)R>qNlPA1C(e&R(a61=pb{9SM13{A+2$tAP<Z3CCJR<ue!@fQ4oREY%o+D
zr3dM!{V3^Te-9K4Qr_IpP*c4dQ*x9ZrU&ag4yLPp*YeYTAgB2{2$`@tQaM<L4C*5)
zAx&jx_w;;^^)oUyqR$xt78^PyD@0v=2(Qg7Bz)|?Xmu;tl^p<FF(wXb!t}`n<4!7y
zje;ELUWrz!A&*<f<}N+_kQYN5dMlhL*RgP_(%p$V0|{!_GV*tMDtY_@$?b{==;P33
zgn}G9&E7$1DRzc^Y?EpOue}WKy)&z(HPJrk1%uSafO%8Tw1{N_mU|*#VIc^}UB+2N
z-sc@s*PDnlAOit=zhn$45p@8gxza1SP<hqPP@)Lgx>B590<zn(q?G-%g9Yd>4hn}Q
z;SpZHjHLa3?SGP2whq!@{6MtNsr8*PBW$d6Pf@Ul+rN!7{Gc}u*`q|o>03hlfJQqG
zv#>LBW97`;aC8*<Orz6*S`1Cy$9Y}YV-f&|srUheY=|<!{>-G^c5#&t0Urd6?nHN-
zgT>F@Gkla&ad7AD_q<?#Pl$L#fW-6e)dlJqK0p2ReE-EcXPiYF1iTcbF0gh-0C$f!
zFzm59gr4{t1;Yvn!H^<qF*q3r5>s7%bUh6bD;MgiL>C&@>oNQ=czG{gMIt}sD_RKf
zkcm^~l21<${wR_4z&Gw>=<)HNcDbn@gUwTdyyd1~@%Z_Z>Tpl~kB~CC(krv9<$gV1
z?9)=Fu8XAe?YOG(kxZ?uJUsa0Q<>Q1=&y2T|Md0uAR|!IyqxZ!8sJYdoDLsJWOZ{w
zK~%s<q-d-hWkO7VU_9!=VkHdDA9Fp)1pf1Vhv38w@cZ`YB1qA@QW>K$1gm_PAK?7g
zhN=cZgNS7j?FRI^s9sc55GY4O9)MC#uuO0OxJNT*D$g1kOXT~<7f_Plu}Hd8gk$FR
zy1YIXQdXwW$2^peFccyAt*}*(<-V@R``AAo!bZ3Ibz$91w;ua=rB_=$>R02ZW#x{|
z+*CSZ!BKcjb1qsAFm@8)v1JI&)dH^+Z^rauMKpEPubU39Al4NK)OFF0pr9YTdT|bw
zuAd(qJZ*+YMBfW~VSl_sB;;YRGjL#E3J8HOVJg6`-ZLMyF7#a2)k+Xe-Ld&5UpUBT
zYX<qu0}jWSDQ%3|Xj#cefS5S0^^0>7_dM>S6?ttXseQ6m)f5$<E3FqHrlM9gAccpN
z7%Y02shW|8J30+c!Zi-MrB@yktM(TStBN2n1$_|*{8l4N8{$JlTs%bI!pp@zjOvM_
zORA@1d=LSP)ZD9WFV1B%lu2$(mKGxVxm9Dq&3B|4HMtYe<ygT`v`W%*I#Y<?!jnY>
z5raB9G?U3NlHA-2MO_i=_j|Sd*1XK{!wq0PQR#?%2$Mi<3*Wc203J5U(XrSg@keO|
zwytsj{t5X7k%J;;1<hhgyE(zPm8KTpJ2ItTN2$uyjas3rD`?}s29;CEuT7psWncnC
zKIbp8)7eRD_vPF`^Ez(Q%ii7MdEVZNp#C>-dnt>h`e<$O5%!19K1RFZJ_N+Km%q$N
zx#3e5Fu7R_z$2U5>v76ofjo9h%$&RTyz`?jGbl*6^*j8d8(;QJK4?cb;bO-1v2_r%
z8{-|4*$MV7T7<gk8L@dgmBaPa6P_qlHmVJ>vQy87fIAID#O@lc-67W3RHu}RPD5~T
zj%Edn`;LHM9*SlG7UNUc#f#S$K}Bfb#9+~9AJ4%~$%Gufc{$zBN}DW9#;Nc7h$9vS
zc%%(<d~a}#^Y~Dj!=Te(YRlGeSSwUrtMN>GTsOd6Yw)Upw@kx&M%HO&d_%&i#i{|i
zSOAG|<3U)syBIuJ9sL7Mv%~!$d+!J3ekgd;a{SU7q>LtzDP@lok?dVe5}Qv;oi!zQ
zs4l9gl#;u!-@UpJ1R}sNVFVM)rXAQ*=BA_=A@2jAB1M<6G8eW${H@;vdkuBh({RCl
zY9|Xer1m+qS(znxQ$0F-l&n4QUXb{W1E!A49##YNbjOpCHUy})dto5C>>}2dfL??z
z($?q*e?;Km#t*c}XY_mHq}MYo@ImnDr_%3nS^#v0@c=@A?0`cz{LpJCScy9RWxV#M
z@%!&soW}XscfDXI`wu*T)B<oo6qYrqEN1g`=e05FV;Q<ic%mX)J`h4k0~p8|hkE$h
zdnTHKB_WKQp5UU4iyTa%D7XNUE})T%rG+F;@LKhR8~7Llkfey*Ay!o((-~y>HODm+
zg{H8XnK4$!wYv<LVWp{|?dJ4tJ+5JAz!!@uzgD&WvtE%+VL=xqOIagjvDgIc4<LQe
zGT64FKdBNe{PX1e3<nikQ0MN9Gus_F{=U#qI1bRF>0C9UXkvZ2Wdiox7Q{vm#jNIj
zGZXE3)h9)A6ju|+M~IiID)Kn{9YksmVYd6Hqx4|US6@AS`=U3cnw1z4xet_;3)e+6
zeuAQ?E0seM#f@<<DhgdrHI}vhwH2J<T{A!rm1#5Oq{!KF4!Nu)xJ|&#0d{C;2-S5x
z%q_8K$N0<*=JlBg3@H_f{E+~zGX@-2Fjt@ugwii7F5nufW4EUxhdPE)H@yQHQ$;3Q
zS7wDpzMGl|<%~dHfx8b-QeMfqRwWki)c^$`b9ZIIh5Q%{x+YtWq2hB?y}G&T9Eb=a
z(~YvystLG+mvu1YLF^RzYQZ^$j#owGD=0(>vO?xxVUKBpa793!2@{wl6wcKvZ`NjH
zOTzv|je&pk{UTO1r>gk60PfwiEUA36Y$0QK`?7m?wItRuc2u}Ig`v>cln+o0De*NU
zAmHx6E$ikG!ivBHQadI&UCG>vb}shZ-~olm$qP4)%T8<?$xC=#anhQmeY%n2WFFUy
z@|>K0b))4+w|mNIvHBS00KuxdXGcyDS}q{WCEBF8fkoKBBpCq~cLT1}_32Ujm!-S>
zVUTVnaDS7ZAZL;A@k86*Yr$$4&C?(RhLwg&9^%dxX2MZ5Zo}WG6~3OOZw`lsIU~6#
zs*Dr7K_JgJVvZO$l_=T`f$}_Ho-vqipCQ_wutB4cng`Xcw8u~<1a>%{cwe@d1}6UP
zrSilAwErOD44JO=xb}mi+Svs#iQZ`t6h&O;B_&Gn?chf1mcy5<iK8dRak&F|lpg$-
zFYT2Xn4K!(a&djG;at}$<vJ@(y(r{g?zt^0zF>>W_7)ZQ-l9;!zJW~_2iD|Pattx~
zLGwmi2?_7GiK0pZ6kZKcqH%BvZ0&~@IKQtA5Z9q^7Iy>jUc_2X^X;VTw2J`L>I!b8
zP|?(Y$U`U)Qw@>2l<p5u=cI4>eLZyINa_p5x8I8W(#&7A;%|9r*!v$4{nkt@R-*vP
zO%mE)@So!=yVFWBKgh51`k@Wwsqq3t*!zHQl9{>6OSBE5+UJvS3S+KxmMj;-<6Xn1
z$x8AkRH$dQ)lC{!|0;;htKf}(&6)1+c8h850vxW14~wQ`+`EmvGdD`S6HzKecnT}O
z0U8CC&!*W|R_<^OjL>=~m3|e)$Omn~2EZCh9B%F;>>Tg$!c3=m95&rKZ=EATZ@&L2
z5wJd=e@fufxP44S9K*bR{Wd{W3UO8jdx*RDy0eS<nl1aucFP!xo^Cp_jQjUPZZuXk
zgkNLILkO(Jg^0fR4_%1<(r*Ju5$>xA=jP9Ubjwzm<=81rf7W{8#xl>z!XM32ux?Kr
z^YpOltLT?nSM$6CQP>~6@S^ybfdX@r)72ffaa~Obg#;ZrLUF(`RJA7GL)dpsoe6;s
zoK^%GN%>rxCEL0Buut!1Dujl*`C{~EU+~%Q=>fU4XX{j%CNFbU=f3>uVy3JXyNw%s
z57~8tUpqOQ#zI56AKSirH;TU9c+KyOuTFUfPhSru+g=9rn8)a{Jd0fsqB9fNC1p-@
zqZik<hw1ASUU&27r%(9l`=Z$kXW{Y#O=W}Vo=2J@OZTx2%OG0IumvV>h?Xnzd0w{y
zMju*V@5xZ1u^cXc2oJx3dTc%<-`o8u1&cpsLFR2k7d1jNp*zIBi~36CD@Pb+paCgC
zo98%fD%o0_rnw;?y><5nyzI4q%Mhb#x%_rC6i}#C3Ds02(iq#WJvxV1b3;H-Wr{`=
zVeASP(&+~Iv_!*nbX)nEZx=xniF^}5p7f84)HSC<`9fP057SivO>!60Md9D<2D$0h
z2juLrP=2`)5s$7K$@Dov))aa#B-Np2<@b*}LTGyEYyyCHk&WW5PP7Gge)F}UBD*QQ
zRI<=hHD1Y)o~i2`u=Aj1QWwYDbEOufbX2A+Vly6Hnoarm8)Z<l)%Y^>63E-mY2`%4
z!l(?s;-Ke!|JwaM$S2VXvT9Wf^cID3lgV-E?s=r_++Z;uP%_;63th_`gN|YxNpe9#
zI3JYYYejC?TpTLXHm{=kUg${?=O$|?<ShKs{S4X=2n^K{oO+GHWEy?`89x?|Iv%T$
zF7+g@y~(zL>J}Fw#v9p5Fc^`|8jz?>JY0^$AR-|?d7{AL5hI5I7_)CxSE{rak0<iE
z&xv?#G6;w9J|+MGA<00EXSu$nit0Vv%FWAb?4LGPV_U94FOTobmfA^*_lwsTo!I*g
zDrl_Kd)Tv=f4=bcbr5_m-B4dagyM_W7pG1(-?+DHWv}c$couSW*JE${Zu-I5ot1Wf
zFUCipdTnlLPkz7fm^7658wxnpMlMXoKu+yujuk-tZK@RAin3KVHdS-=cT-}h{FO&#
zbKG#c%rm{uT_)HiREBU}rn7opFz@Jxhj$DF?;v)V#R5eGh=#S{%VrSk*NKGPBmLi0
zShBN;RDmOC0nrO_8?XW7+P_=*Lfdhb!^N|{*=PT`ei2im@vXR($(?_4n@0Ee>+ctc
zY6F(^jtFCUUCXaHQSug}h=;N>Qywm5)58%_Y!>}GL_JQQ4%^>)qV!~fUcn1Jzi#iZ
zTX~`9s;u*IsCbCii95|4;g0TYurhKH_}zRWhma9PND)d}=zov;?IqO{wOAGf@z}l*
zL6uVJ8p*}FR`;5zv&m~ypQA%)*hdssbKFdnUDxVfM3u{;=-E@12K0$jP|Mam+{nU`
zRHFL~i!7E#;^N~KGjy`C9jhV_DVW1hpb##?K-6J-M<G!R_q1_DXB@eK*CIaymm#Kj
z<SGVV^zfH=^gH~=KRZ-8qI7w^=|Oz>Bp3%SyJ==I_t!OKshVnvH)=qxiQ*{sxZmEl
ziCgIlRcs=Pz;#~sraiMzH2m|M*FS$8%0;Co`KP-^x{)YdUjI~?`R0eu8Qicx8yn2p
z0X8yVmtN`Bh6P+tRB!5i`{B3C66@p323ErkU@~kmC+mnJi1Cd?g>3(Ah(g2J7ZA1;
zQ4tVn>*15=mqw9fC@KyT+Wm<72OH$m+}62q5+};PJI8VdG~Aswm47v(lRiQl$5Cw}
z`16Qe&m$tDMp$qej2X>`-*B`Km_pHyyRP-uAgWW5yYJx(KveD2FvsAEoN)o8*zmsU
z<b6b~*<^vJwL%tOhKy9|=?Ea!MvnB@%n=l8mCE;)0^TDjD4)pElo-2C{r1jZgQ&Ga
z)~$S}5IZgZJmS``+}1>`m1l0{@9y>a*A{5j%Q9V%+n$Fn7CB^SC;%c^bg+6oLfq#P
zMTV}%x8k-B1lrvl&4*u8%0(}HHt&5OwhMRk%2$Ix%^HH&xUv8wr-pXvtsD;5QPUmD
zU!309N_5T(9gZ7xB6lP3>2|&@CzRh}rS^6e3z(az8hW?j7@8ay*d9Qc9>vgUlnAT>
zWEfd5`H==(l-O+~i4P=2AwnY`d<Y3IEl9ACfZ~4<Au@4~YMnscW(+yP$m4d<*#J;L
zd6-zOxXuBHrp(|s&L;}LrL3KzcM>|z(CD2{5Iz{{3N!c;MBkQKew}Aa!1=(jAHx!~
z5zLX;sCf(OTnGfWqI_#K+XNVLipT?#vY8x<M;w#t{<X{&=l%mmsJeeKA{I2paMkcn
zwaDQUN3KTy_BjmjCA#T`Lh!#NMNj)EF|e+=+jU9tNlomKRK70(AOzfkK8mzi#)C0P
z0&X~N1Zu%a;c+!1wv+<}2p{Iu5f9b?7b|10P%JLPk_`j&SY6nm03aSALL4twhBsv+
z4z@25$-UHDzZvk=?Tr9}_GlO=+3ihIw;tT&-Kz^o2mv5|-wluO?w*3D<lU<a3U3z8
zBKCt2Q36r=3N|y;Ho+7oe=<I;_R_w6;Z(VNo)?Pn&0wxT^`kV#JY+JOE<$f(8U^Qb
zg?;R&-)*n=FV3ZH)Gm~}k*U{D{Yv}k7xVm+&g8q(^L_X9E2FX>RpG9i%3E>wVBtRU
z;~(RtLoA!&Kn~sR7zk5&uZxH3wp@!QY?We#sD}+=)9q|--^%1B*P7k%Cvm%ljcl7X
z_x;<@x4S?iT*0-YJ4No$PPv1{xcKc<?gCHrmyl2J(DgXoyJP0o|3t*aD2II=0It8b
zP^^q{HoTMX%l@_{E=uWbci=Bb*!aO52gLqMh-+jPH#_kD@UKqZw#1d}`ssG?+Fb`<
zf7(8SxS6r_8sdI2w*L1L7YUB-4o)~wC5oY;1pl>9ZA;wn@<Z2{*db0W+&xp9u_-zo
zM86GDdjp-3;40v>JhU*k5ZPYnNiFq!QLhHFG_A)WOaMDbx0$&J9JP0J%u3wF{#7~2
zw#2PHtQ$|OBlllG+*&rbfzN#@X<HMwmXoYwC0|b2_Qb8_B<onozmhmki=!oc2dEH0
zZDd5V8`jr5{LOMa^G2%mTlsT{ThFk*HJ{sYoa|_)&F*62*0Q;OJD*!EHgK$4dG$QR
zL1A7i)jB-(!59OdmwG;E%J+B7+?~X6=IQws#BFZ-xqn*_S41NPfXY?}-QT0b(3mD)
z=?TnSU!6Ft@$wc!^r!>0YexZY6e4zd_Tnuh2|?*mNCysU4`|;p<$d@278id^Tz9>0
z<y#H4TqAp69s$neV|jM&?Qx%X>25J|Z1p%h?_&tJ(tYn<j%qtYHa1{ZFeI_C1}1h<
z%eqpNNj`27eUF)A;@)A0E!%VBKs>avw{>)YPZ>}a<BYy^=32n<oeofB@@wf;LxgNG
zrQ8L$QnaoyZ~ETzmJQlrzXiINxEN6uEYH-z1x3PleutzK$|1vmIJQ<|A*qr-cX_~P
z&m3o<w>#iB_W%ARf46eDv$J{6F>wo3&-yy>##>d-(yvDu61U$^TQ70%I#*efxOaGc
zA-w(YY`!S8$3D5B80z6b4qtv!l;b}<2j6=y4YzB%=v~(C&bXBqMUEiB*q|AiFreHf
zj0R?el7Sq$p^(j#M>T9a;kRHVOk7>`Z(4TC5O$tFt)`Ne=^o;buPH|}LqctboOa*q
ze`*oe@9w^hN*0B>oPciA1hgTvk*Ws`4PAp+Zm6}aJzm>h;tDm=-N_5Y;qPhe^QO=k
zdXfthnwax!Izn3zw=O_{J7Dc=bG!TeZ9!cBjCG0I-0rIrht4>}VP_HmWkbAaRLmo1
zTck0NUrLS4HQ{WK&&SIp-USjp1<?+{BOtGJg?Ji}w=2#j0LkFa7s9oJx(`j$vHB6p
z^C5fc{M<N?6_r@;Laniq5CsF*hCv!Okajk~!YRJ%O$5SAAf;zf>9Njq328B#4e;O6
z^d1}E@3OUjODlWayE_?c=MZf<Ck@!XmO>q`4{y^@P=FS3_x$Cri7v+`)7f6yJQZ~N
z_tFt|Q<o097C;(FJU}ZHj8NdJNyk+U7ePo3j>w4nN*i?GVZ3PgZK$jvAXK)H6+LgI
z>c()^0;G7;{UZT>U7+LKZ+%KA=}FroPbHS@z`p37WA_+;d;EW+xwq^WqgDECA<YrF
zHD@CYwI49L^Uk}|^Bu<nciz7^-}$_m>it&S-erc8cbHaHbGLmCO&f?>Z%K_FUT0GM
z5|TC%wcdgnJ=|+b{W6L+61CoP8a>==Lj8tBZDC#fR@TXW9pIK>OE%Q06yl^P_%;b8
zvqN+a;wfp6eUL|j=+jAt915<~=!BU@6x1Y#($HHm%`l>GDI9#!-v+mS)MzUQzyJHT
zGRPPGZABVJo^J{l=u9CX0<43tu10E%fk@R>9e%yP+c-;NZKLh7ltP~`%=k)k*lHW|
zE>>0l)ql5CPHa;p-EH%qLZ81;rV;U#|A29N(uR-IgEfXG-)Otcs?g`%!}U>BoN(o9
z*ZF)agedZ}?31nl*IL?k64#c)-KG&_BB?AdwYBG!8ExMEJ|n3;NE>=__s1RGe2c%W
zhg;;=db`nX8ZP(pZyN3P!;NqX?(XvyCi>TAI;B`>0OmVNY`rRU3!E>N7rsg*`!X+=
zCB#h!G{kI)S?%OAi4ZY9>^`UnHzR4{W+YK7RAg@ve*Ny@Zjme&hI>J!5!O{~Z|b1e
zxmuGm_0|8jUfnIy&_bU)T(VB~k7YMb)<1po`rX?%uU@@;`;qd~HplMW^Ka|nZjs;?
z`usMDZeQW=GtTZtk5jYHca5?Zxou*cd`4Ga`wzv8yBf8I+nZMw_xUbdw#gVq6)Hpi
zTV;){hpVdTwo7p<UlCwVkAyZZa@W@q>kR&@|8C{whr1g=I#mM*Xmg*hy7)kl>jj`d
zzX$xHxIsR_Xqm4$x*pQD9Indf2K!x)X2x7?j57Rvrm=2kqx29+e*|UAy~!Kw?wbs*
zkF+f{qRwz9Dle9m?n#@wmA{x9xhyL^Hq$cyyUwJpDpT1|kSh$A3oC#r0_(D8a`$Xn
znhJcBKdHR<dUw*Tq@F*2xKKs5FVCHWaNM|f@fg^P+k34LKzJ4v1R?zS?9^`oQ+hY!
zSNz*rs_G1PvB7i-Hhj+N=+TG3VMKN>a^7~f_c!5VxAOVH^Mkt@^$k~L8H{4xaQXKy
z8SwxUW@~wn!vDU)aJOmHJKVLGZ#Vzk4f(gQOR0+{F3uMZWvh{F)u?Z{v5$(%r)1pc
zd#k0A{@aE->vyb74>o2vNP{+R<{G>@)$He<!@cj>jo%%){u<FBZXEAkU9kI)7uwGQ
zGqTuK_)Y)5&gw=US5y&R{wmp1d3qv8_#=k=vGbf0&50H3f5}ALf4E*Cy3hpxRYiTC
zWSQ*#PH`zTl2o1}>iyKXUoIPIe^F@TLXYi6q%wee*5z35W7uh;mi4TJ|Nr~G{#5JI
z=A#13J6kHX8$kLV%$<;zm(!%ue_Lu>+fc~f66Ie}7rp;{6Cmz|9-A_2g&0M1H&lxp
zfx?FmEu-i*u^_QH1Fr)48II-Qfjfn+^RIXJZ#~>DChmqlDJRgw$~HFAhJC~g=lYH}
z-23nT!$mOI{yrPS#fJAC^ZM6()8R6_bZ*L@D>c^Vy2?$~vy~}w76qKk=rK8U&&dTm
zxE&~GKsgEjOp1J>$E$In6Oe`WAGrS{DDPK^{-noCESc`+Fv96vm`vWv$9D@$Zn#wb
z`$cY{?89oS#IGg<7e`iQ+=tw4)x5I+MR3`E7pE|PxSVDm`QP_qU|V1Oo#C?l0f9p&
zi~PdJ)ZfaVqvG08;VK?47?wtg((|K=O!&+HL6e}GgAey*WJ1HwbV3m!zcVBM(jni<
zVfvOzV0jZtA1L5f!{t8TwF=?>CybOx+qpZ|#|`(&l%*cmcVw$mpOlwiSLJwCnKHLN
znr>aWNsmqMULxNvOLuR}pDVNc@~qwlX<Ke)9&Uw{03l~D*7Vs+_CqU|W&XFNmU*U2
zC$Z}4>jv}R{kQe?#KTpK{Fgg2BEoRp&gC%r2wetH#}`oE3|992MN;W0M7w?fY(SI0
z<3A@=q*wXa4I{lW<#hJ9blmn~#KWx%dkTS>r@E>y8VXwIGgj2NWdBV0;7q%A`6*Tu
zVt>C_3GE#&jU&M~C4Gqp@o<ZLtV_EABP}|+UZ0lqRLH4w60~DfKO<YRl8ao8R(-C$
zy!10PH`)Ei|5<9dW5jXb?V2I`;jRhL_JX930B$0^gU=S!S8s7>RFiELi~E-i*Aa2v
zu&+>`@2M<*(r0I}5Rcw8v)nPlueO`NXt=ib=sLxr_XzG^>6KilyozJ4Q+Z0D=TORD
zGuUf9l>ps?bb|k2Vydy0%1=#39X_<w<%Z#IdGGeFuIlAg5K;c0H`LD<u80MiWBH(-
z>7*_EB=kFlwL>W|U0!?SBJmT%pN`FZ0mc8g{srLZHlqw6deYYlrUY>SrHVTo$OX#Z
zl~!4h-nyLbp%s_SH*oG$3&A~HO`9Xa7%(^3cg97Ycn9P@0lCv8_yC146=KZ~5paIi
zD1-pB)bGSM=r)^$^vt#K8>u)cSCFWHj^f3#_Cc)xlZ-@gMFR9V_P#Y0FR}E4UI7x-
z0;&Ona>U@AQ3dk8E>a;*N`|sO7GgLYLS-Sh2FF6mPK2%dQif;`{3zwS|Myt#yj)gh
zq4$5(RgsrFSkyi&KzpY~>##2D<@zZ7BS1_?1!1Y1NbyB0Db%XLLSK=?qc*-FU&vmE
zCUDcd<~mnlogqU*s4_}ziA*S@kEB9iAqQAC3ZV-KY)aZik%wBY6#wL9eJ>wGMbDza
zr*KmBC#V!u^#n6>(J5cmoGGC5Xth3;TzkOEw=Yj#{Q5GTXCHRcb}<3}+g>V6<;#3r
z2HZ1nC4AUT(|!6XdL{tMkzbU^p~~yH2Ra1`{$iF7(XQR8H_{vqgVQy62cHr+IDMs{
zI@=9u1D#F!O6aV!$HcJZl<<AL#<eCS70~Ch*HF7H(`cg78P{p<ZbEO&2z%}Q+gDad
zx$C8n5c57WCW8R5VH6Stz}+V=em#5r@%`IZ!`_qbxZxL#A7Fg%8h*Aa)ttOcg#jl-
z&xomz6f-6YL)BS~@F>GEyWdOzqUO4pfKrT6szER|uq|p*sHr84S3pRi`p)hWG*w0k
zy)<(|M*OHYP-*(uy(QUdy8CP+!!LRo?J|x6s=&Oac+|G0xnbA>10mbqMKAl3%;08b
zScW9+KvC0lM@4~~COj;a)u<7aTLN12b!^6_w99z|q<6?QbAa_ONAStrZ&AkHz>70{
zPV3+_=L<nqI+EjjN;mUs;r1N7HDT#1@r$2irA@f1_E4U_I)jZwDlq}OI!=HS&}I8#
z*U4w4bhpU0D%|Y!?cw9buK)Su-OJxk{_^p~*~RIb-(J4`%f}b5FFszpdwcTk<<EZ^
z?xo_aCTI{VAM+{^+lEqV=y+2rB$SVAn3%?#9E(H_EpLnjaW6UjnCi`$49XP2G9Js}
z!emLlNT@@G>jF<&I$s5kT57MyjKY&(8QhdEtD$@A!eso$U>}8d-u24HTNWnU^p<=v
zl)GMwtuz`kxawFejpQW=DSJdyrKd}GTc4eWxf9~|P_4Qv1>u$q5{S*SNMPh0e$q&%
zrc|<ZdDB>#{Yqn%bzlDq3ohwY{O$v5RXvcZT$xhKo0-9qsszo`$m@l8s2pf(0MF1#
z^4E3`w@)#ty(yOQfp;Aa8i%8|rdF44Z7^a)tSS|ESR)$o4;*&uwn-+3e~P)%58xdx
z6Sc^bE4^|mBi3_NPOIGV!LbU@2I=UXVJANF8FNztRfBar`!0)yn*c$)dfVsYJbrS+
z#|C*CV1$j1_26;uA+^Bix1=`G&_CyWloB4c6z{g?esc3hX}g;d3tDgHchK8`tJNDJ
z2dIN~s(S6tEtL^Ne^$}RcKpAY+gtUEslT4hZy1qxMMcH$Q5p!v_wO@Pz2A!4r~oTi
zEBfrG-gas#CmX^)@v*hFGPWdYT|teAsCiz#)hb)HJ?OXc*SyT<%egF<^O3FyZwJ~$
z7-RaTSP|@chLv1GC1@;V!MPcP8<HcM5GAUQD`lN<KR|@|ngnRR+;kRd<gJ4YY>lT`
zAvc~3ihXD{`26UH)(f^G%9ro#tPsZP`EsFhU2)IPUio!pFPb$c`}|V@a4fw4p_Rk5
zThku|_Y}8ir5R5@w+MM|Bd6B3XCx|w*&>S0NYsGw=|_2)`HIU#gbC$FzkH_FMHGFj
z@S&|{YF*sVw+iyviYO90PpB#})nkxd@O5h8Umb1reL4;d^VlrN-&wx9SzL=Ka3#5a
zT{OObXRZKW!SA%@&$5Q!{lnyqYZN;FoITYd${)n0o3u4u11OS<S29TA6z>^y(3~(>
zM};b{ns_>Wj)Oa9DvF!#kD_ib=V$)i%76UxPNHgUd)<zHp*%>Vn>20Xn|wkxN(hSB
zfx^|U#YPv(`sM2>SJ-_RnJ1Qjr_C8sWTGBEcc!)>3NCY~(P+Cw%{%vb)zkJfi8|^p
z%Ge-EecC{j`t<dQ>eL?X66H1Y_QN4$&^H021ufcgfu)7aO}RzQ<7(;DIT#O=Xq=fU
z|GSeNiezE3gbC9754_2GROp0WmM{f-8w$3?gQ@}a`t<z$`#LZ3zr#Dvbv4#yt)>tx
z1`TBN9g1?q*m#h&y3$rE024^%o3dD;gDanSb-q){Ca&eVe|<zCaE<Rqx>iR+H<srI
z!=8Pj>nb1jfEMx(9+V)a6>=w$C^E`<sIBcuYHk26FC!Pqhu!GI9){d5GF9sfvfZuO
zh1f{4g^xfT?<vql{jS>xTR<Y*vZVHvVGq`e23r6Z5K&(poL~cPRjsOex!44zKtxf?
zuLqd0X{IQec+<n@3^PaSQ+Vi0640<1T)Pt7mciElxk1);O_Vk8oyo-MahpMKUYkts
zFHFX*^RE);zkUnUW?>35U0p2P2|YEX;~jY;$o`h?|8iz-<hdIp0A9iqTyTzgw3@p;
zOi8U|yk0Yc&3I~^w4C<CfTu>ts8n=cDr@s;`E7Vz;G=7E?wj&zfV2Hl7JMuFP79W~
z%<ez{SW6Vt>vNNK&%cdCy}ARj_Ex@XWBz_AJ=E{|tLjcm+pXK&0oj=os^tG8i+rBn
zKksBcQMD;_uZ|f%>~s9xhOhB()`p+G?-j8Q4)0cGrCnQ;-aqVSYKw-SO;qo<NYrU>
ziP9dT?rQkeh+3HJMQ*Dl*uZ~WW>ei!8ok1J-fer&`m)sTI^C>~sJZ&|zVud2C@Del
z0+vi2Z8Z(peC+vJM$hl&Wv!>KApjMTTn`$<(}VwiU%o{zQF(ddyOdp``iS95ly}pz
z-SS=N@v_S671e_1DA<1aI&HsX@$Oi@7EvAa?;hs)Rmkh%Q~eZm^4{0oF<(m7))avi
zvH9ewDT;u$d3oL;g^QJLCn;jVYA2c{mikHPy9YNjRVTSkRMPXaI~IuXn;Z9atJFr5
z=nIXxdUib1*|I>GQG8A!dXJyL&nRKvU)2KPbjOvhH>RxKN-)UEsZ*Bd0gGWQXs`8F
z$)F?DMsjT|Z#x`oryr{_1K_B1!v(|>=)_L_saIwS{(^R6KR@U9De=Gls`i7sSWDez
zqWT;}+Y)urs@g1N0}c6CQ|7g)dhLU4D>$_UlFlnL*Y!*<t$ed^!o*r}yLYD6aIh9p
z5a4m$tfzA;FUFNxU@4>S&-ebjmBYsew(kOJ5!L6m1$dzfV?BGP?A}E6e%mFgugt@3
zn~1Me3u667ZxMy|y{0_hA*!#@w<Kz2N>jC7*CDE}(YGWDO@?nZtPoVe?jfqL(N`r(
zf2u3x;riC4<cHtGWeqMSo!uW^U_D0%qWVCe;)nV7uSn5Gq8tzKRT|el{8ldtKuz1Z
zGUar~-F03;1ST?&P(Xg??aNm$PcB}*KKb=!68F3lyVo17u*3Ct^JG~RchDHhOj^pJ
zsPjrUDWrIx&z-b2M8QhFp?VPO9;O>7f^WZiZoeqjMQ&KhM~_~cS|2}p#KFXhQzYcD
z-^-6xCG!$CSz&IddV!U@@=x;c;ONO7yZPs8<<t!~x0$wir88+T;%OJ3czysP&6CHE
z_b^ma71oGSV`@%)qtz8g<F1n*hV2R-zI<Lc?PXmb$MS)!mhfz4Ouc4wLdvmPs8L>k
zSrKz%RF)mf%hxa8ef;t4^^1=eFW>%lcKY&zkgmfM3)!&8@_;|THsxDm>SIhU<8R+v
zUAab(QWKWr-7H9d!=|Nb$Wgu=dz6<Wvn(?#YQjF2KQHG>3P?b)b#6kebqxP@6T(+9
zG2cn1oQ5-jBo!?CCk59X<d@|o#cYuEG8KZh(2Xj6Nd(_(iNcEO3Tv<2<n^po>#*c7
z5!Z{LxFlUR#)uI;`0u&4Gw2Og#IN*&P#v(<t~oh=ZbWl_-Qr#?=gR3ZG#AG_*O`!9
zfibmtrpKyEbC}=U>|>ENeTJ_+cl+j8?mX(GOX+T=n%*WyErTSrsC0svzyyE2tTPe4
z6Rg&*`-iP^a;a>jrXgmp&d_H+gfxvIY`ps=t^KsD>Y1+QrqTl#@Q~v0u7`063kYbA
z>S8K6R|}GgLr9ju8G-Ry4rFfiLUH@eWTd&f-?3;Z+^lzH)9Ld1cn$A;0Oecd`Ok8p
zti3T+hC$bgGgG6?8qB#{Og}DxEx6wOSNt?5=HY7pRGGQ|MpBo5)~mOA5`8VDTduf6
z`g6D3v0NBiPb)~xao<hz^3z9m6m|7+QJFCWyC2J)BihP80sd_(&6L&HsO})=tBq%R
z46IySc3a8J#3*0wJW<L7Z9KA<3h{${^ypo_c=YI4{)G}hIJu4a=6bL2H_09)$m{0$
zjFLyc@=<LV7%e6&&~aT9%V}P=7Nd1+zd=T6D|J*Y@{bUN#rv>lzpmS^uvy_@(cY`B
z+bfMH1*5h<;ty`0VA^|!;X1(!wV4j%?fGf_GFvm(D8~7^i*6M-tV?B?4*r-ZXb+2k
zg|M$wPzoqaWk_8D*&QnXjprJ+zk6c>vjP8tDIDU<H@s-Hay!c}W=Mw1OALjFgb6$m
z(LzR(;TB^f5j@9u?q9mgeNp9BH=^O)3OFhII@dRp3mmod`Lr;tk;L2N52dN46AIlG
z<K-3X?9D=#3D%@e<-17a2yYokRmXPvfpC+}LS|-~69k#07rJ&gGWXDved6Y^o3@*Z
zM83x;lGxxxqLAv$6c*!fFI07ICs?hfzA^4fg}Jf0Thoy)%ngVw(X+1zn*>wpq93Rd
z%v(LpZC$Ng_q$l7SrvQo5`r}4knfWIG|CUV52}$G??vVu$Gj!PQs=6WcIlW0W>3g>
zGq^Y1GSP}=17v5pQ(VSoKG$VNp+N3l!&3u!rFO>C^Y+J+(*edIyQ4t$9x_vEsU|g`
zsnEN1y<9+^$QaUUD3NofEftc?YY<C}1?)%HKjmk4wuTrjYrdoA>Pkx#5sa*~+p(}7
zIQzsI(1eUUolW34n7cB)h{X~mEO4hnT$m6&3IJI7+-V$6hHf5%+{&rbD3H@LK_aS|
zm4-cw)e`eE-iU5dV5R29)-ts9wPHl`g~SCxhi}y8LRsueuP6`ZJl?LvciVfN_G_03
z9Ho!{3tr`vFc2Y46><<5gC}MEl(&p)?H(1Krh%K<t9(KCYOOI2u+VO^#D|-n`iM8t
zP%KNU>r|eVRN%nv4ZzV>=*iZZw965te23yXd;|FG2k}x>MXr5C9?OR#8kAR=U<)r)
zPT_K4C~kwg2AP5L1?`j^o5hN=nk=JqpoTlHaq2HHs4kVwW0Kbcn#Q8=OwiV_?;u24
zktqppg^{u|akU)jaa}McAfXlRvV05@WfE;B22Dy5C*&rMFMdzoeV^|0$p30hi8n}O
z_V-0V+uU`)YJI%L+bf3~lEUUAX&(yea`(CQ$uHEUbuSDi?Yu<m1@2RK<_z4TkmiCG
z5xBm4H#za%ig+(2Tz2=o-x5dZ5o}9Mdu2&T(D}8S=}vcLCc-9KEQ^AMmC8qtXeTZ4
zNV!8)>Kk3HI}PchM*!5oObd2LrN=tI)|s0lfNoRhC@sts_5BPfnk`4jl*M9Mjb|zt
z5W*l+c>-*^Fw-eY9)Xlf*Hx~sDJ$~i{LHPL0Hx@E{siB-Yr-wc|NJ2T=Lh*R%WHXF
z8Mm3-X8`Tcs}!<vICh)1C(o83#qG|GjAKgtEVnnbMzJKJvHuSUo(X+S5O4SU*>aTP
zH)(F#ZFn%>|B3(QL8y}2BrCK0q5TNo&)@%v|J8Yf2DpC*y|mre9yZ&RW%#h6eB$;Q
znU}qUoQjjF$^$^qzv8%sir$8Dp=Wtn_na;eqHm1+`Tdz4;I{k~aM~)Lo&sOK(AT<f
zx|%$97jA*s$^yb9u1a&`q|HjxZI9ulNP(5RZUn_D0y1?yBXrBj`I+6L%Tpi+z~Ljb
zL~Z0`S)!hSs$#K9S#e{{wGqm$>RQhiPSy}`7RMxyxuK2#x1u8`EXyLl0s;}RLV`93
z6~`kSj!5*gsr*romE#^%+NY7c4r#Ye)$oPHKTenV$7NLv2O|2y>1OaH6*~4GV1gSz
z<2UZ1nX&Z{l8i<CHP`7K_KF@Y*+%lr09%EH6HIVD)4AiKPRyzEYaN!+C#KUP#bzQ^
zH`iRa#x(gLl$N+L6dGP(9bukM-@Lt$Gp#bnR=m(CJ71ooSzsmKGNzRW$pWg^TR_6u
zW@8AM7*<KZ$J!Ge1XTp0uwJjXbdH>)jl3Un{K?<o_n!M11$@V?sB9q0-o?rTi4P$+
zhs4>Th*J9R)GoLbHY{ax8B=*yi;$42q#q!HYg%7DtCK*^E(U%#8oUJ}_wX3Ol=zX#
z>f^z^nHfNOgJiKXlOtvGF(AkXa~<Hs!!n}PhItuXzL6>)E7M>HX&CL=29SR12U;`Q
zY~8PjzZ*ouSmM70Mt?RTv;MjQs5$D?)`LQzB24pO<&7?ifgG&_DhFUWk7f@IJFt9t
zZTl@$(OmRmjcGCzwR@$R=vs@`8H+x9!g{Cdq#*Su++rSKYh>z~H!t=m!2@}tgQ_bo
zebIO&3vF%UB)YuNQ=Q@Qa%6qZfrqgn*l4v6Z_FW2B{${1)71A>mVuZ-e4vHN!3s3%
zp6;0O^4Cr$vNc>2cqc>u!jo)ykwc5!Au)@g97QM`jsw5}9|67$j9(1>W5W&y=t4?3
zp0F1wEs^!1S?#nMz&)RX&)e<Um_MNN0Sqy~8@d};cv8sxkk_evtLFwy2{8-vEkQn|
zi#poyA|M5_cwsvj7w~P^FMQ4>=r}{^25V6Y@ybj=!N<=bD61{RwB;8xVc-=mF1?t;
z9g|h~{@ZR@&zw#`sc}r-UWy<%k(cT^S8cn4yMdch3P+=Y@(J=037G>yMj%ERR;B#q
z*OOB+IK)%&(DF2`>3joG0)zx*y`{>Kkt|AaZq2VLgXVUSK7RIJsYGBFCz?^4etKHM
z3W@Tz;jN%2n?{&Hgupk_92l5kjVC4Dh6=~hU0v>yXMJa^Y8hlR>i?tbA35G|I0QZX
zA3I}Xu5t}_^qu1!e1_WZ4ER?ky4$>VEzD%HGuXjx&JQH`F**I^<n_-le|;G}2;f9J
z$91*TgB`cvYU+A{AdY`}T0G4p1a41o^MP$B#wWfG$y?Y*h_VFNwqYCTU!X>lP4fX1
z#F}91RSos;9Y#isYxWR%8|GZC9HU!#2SLQ(QgouQnFYl&p$b5_9BG0XL(>&plr6uL
z5NHYTmm<6XyF)}D$Hm$36Q7g36b*}yyXw+-8rb&Z&4XUjqvO~-OaiYAcj-ClGwqq!
zA<0duA#D(kemPfpv48RFyK^Dn--KO<Rx}M!5!ZQ?b5H(GK-=2j<Gh3OQd~q{PWQEY
z>mGR5FFk+yte!J|D#6h=J*)e6UN81iKfGu-mD49p8Oiw}$-qrX*i5RHrW|V!j2%0>
z)@ANw_yKFJmG-9We)Dze$mrAaQgOk^VeRHAhiDv2^wEIm4=_&<li+Cl`0Ja~KYwpZ
z0{AKlbAyYsADBIi86B_S`=-bSv#eo>-Me8GQu*4{dLU=!Mqle{fDTz4Az0JcT+Hge
zD)M@@rZ2VxS3H%~HCX-_aJF&xqG}Fz9K(yj1hRDrqc4VTQhd-rY$dfUe|4tNy=Rz;
zHIMoPk{%E*RkmJ;s|VT@YfUy9p;yyH1IP`2TUu@9@Z|lwUxspc{_5oH^$^uiH*6kp
zWTNELU-6I8%t1Hu)tjHsUJnU&4ajsO{aCLS`dAiD-WtLY?~Uq)BpJrGedpmZn*e#L
z9jxl(2+99cEyrkkyA1CT{El#dr+GbFj^OMre7nR@yT0%CWNpM46E=M6y_Z!XlplPf
zzUXUiVIst^KLY;yeh(*$Ui#C*xb>Oqxv5riY1I_GkZvwY_MamPP0$TeAESXU@zG?S
zUN>WAS!)iuAq&lD)xk@Q=kG3&cD5WLE6vMsG<Sd>{%+O@QV-{?bQc6*I}nA(a>vcf
z4*T9s305F9FA3NY4=wkH_Gns?Ox3DcI{_q4?1n&i2{ROIW`e<9osvej5O6>Rd{HIc
z9aZp7ya?El>e}R)%$5jYp#{F2E=P_R^sn+y?&@@!V$ZYHsLC@R0EQK781hjV7KRfb
ziND{&RjVDxWe;80lF>$?*#zZHMDyTCCxaT%G>}YFvsx7WjK&24-yaJ};TUKY=wCS>
zuy9gMjXZrJPsvY<_Zx1A(K0XUBrjprMu0m=aI<oE$Wc;%D<TwSzMl5nT9&331ZTm~
z3X#V*K<heXgvfB>5fRkE=z!3KWl><bhEJ^rfvnQ_Lbs}QjyH@L>H0?NvSFrR=Qk?F
z(@JI9rt(K8s38l1+g$+<+p(*141wB?CQ<8ZZYgpU(M2o{%ELR!|7Av2Vp>0lZ#-|w
zNR6*_20Ta*2{w)Sr)3y|;l-*P6P)mm;3ogYn5$C)2^z{w7aB%)2~{v5Gc4DU(4(rU
zNyb@PX_eJ84NM?6`?}n>V2{`bE6{YAXL_I6@<)Ux*b|1G9c5l80k(?hSyVcqNo)M*
zhE1c{)JB%3nuFaG?liZI4{hU#A&zI2(u_xeU*y+v!twCD(l|@ln$^M^3^?#c5_l(t
z8mOWWZaL**hBX{0f;^QkjEA<Tw%4l4&C<%g_Hx%Q$1|xAfWHZ{wFmnqFEL1f$XQhS
zT9>t_2ks)W8w<Mxd!yUctCS<~LuJamp20-8S&9dY$R5`BiISE8ZxWOqQurIqY8FFF
z&<!}#vebmZ;MARo6L7)%t*TnodcH7~s`6rmUU!flVIWIbKxh`$(+RjS${B}4q8M?Z
zwG-FnOcx99<gb<`dQnv=b8DC2-k(ZSv0EQf=38|)#xn_czQ+5l#MsQ|O8~=gYy>ro
z*KHp{ZpTX---UbLH%_qxW}%4=u<%{F1?ZJSX1bW~!<n^vfEsAsWw{bG<#Uz$<U9;3
zz|fu2)QJ4<4$_S&9|F$T!jxGm{_vmu=VopH{rS&tPhPxC=h-)T$HBqD!Luh%;J*h4
z2hIN;9z1>g^zaXdPo6zKdh+D(+2NBv92_1#J9_#DdGJlBY5gtTZvVr<7r(1Lxc@``
z9?18|M|><7%LuRaO|SvRB@OXTn<KKiwE46I$l$UDrqfgbO(inDs5F!*!nC7eB`dT(
zo1&#L(*4WMLJ8pF7Vu=?WX)CrgX&0DB*Qn^Tv1hN7$Y4oQCCi;x>g7(W+q4_MKd`m
z4_TX*3Nk?)2lpgrzM)fFONweO269ws1#Ay3LN+`?)WFy{WQwjH7&b{qbHTHb%HL;s
zp}i!;HrdYXxaU<~+D=(?J2N*z$s1LnemX)}bnVz_2BT<|VT{WpgLjj~7AHm2OS{iE
zb}EF^{Lx43n4OcZ{H7qCxHB0bg)45y!eUf;0^Dy1D?EW-bXi+))Ood}H2l1e+4FPl
z=od&LWVv95fxC<0W~b-ydV1G>jSz{v?BDYkf)I`H!|nr?cA71diK!A*6bZN7bG;s=
zN6*rO54#VJj-DORH-~@3Zw~+Hzj;jGJmznn;}_5Q^LP09JO2CxKR@Bm)PaBgh+gX7
zKri6W2l)8_KOd%t*x}*f6aUR2eRJr)IiPR+Q#cSF$6<;?J$%NWpW^4I{Fz?j-+@%a
zsNKSBxdgEoO@;Q*nIJA{X(9=o5;%IVcE`FvLEaw~X0$(7w$@d2^RaWM>GkJ>5T7}_
zP&Xyzd7<9%S2N;3P4K^oNLpGhhU~^F`BBG#0yqOmf+*49Y2^(JzCnRzHfTB0V>2i4
zYM{tz%G2Br9C!<v8{9h`3t12lmtX`mosrX#y+JI`^^Or0)lCDO<YjJW!w}(#1*5=7
z)kdKu6tMZSsPjdkQQ0Hddn<Q+Xqy0?9Tjgk5cImh$I@il4k%*}eAauxNGL9`&>iGt
z`fc%7r?@%Vec2WayrcaC!Ak4*42pxiYx0u6fW74FM?J85q1-jXl@dw_WBas9fZ)AU
z{6fZ4oOiDPtHlC?m&h71H<^xIVL-RjV52D?Eo<R9<z?W6kuRLA8MKweB(Lm-3U!qG
z=Ywtvg(JYF+egw8N80`aX3K8ds5*x{(bZlm1YTn;NMv`_SzTOH^%XwCS-jc8T*Q?$
zMI4{x78o-Z;JG-|o|kc<>RH;z?QPr;0s@90JIR!gBEimPzNefTKL`n2@-psO_*X`Z
z3LXdL0u{)6F`fsH6T6&FwXJpLm23CPJtv%8wnF|s&;P*(Z$GRE7zBL)NHde6C0ya?
zW9f>g%AHA2(EJ@=W_kfuYA4W~QD*YB22dSUu1NbDu<lzFpfJjDp{jhca#y-zG@y4w
zQ)z2GC*v;P`*|GF7isOLYBa%QgZD5NC#C8V6nKpliK>cWWyAi!)0X9SQ9vm>S*U8N
z<)|>@D`_SIz*)$NfvKO9To;*Rp80&f1W{%f(vIuZf{KS_ON!=l+As5Y(KW#Q)r`EI
zLs?oCCnIOgGl3{Su1mOYQ)angh%mn}$N^cCz+<tJ`V$z>rak5#;E!%i#JJF^l6g%|
zK+Ny~)6D7H7gmU0qDVLk-$_+>%x|M*Eie6{4nq1|KorOZ&70Nzh}+Kcg?0az92^`T
z!aXf7%$)4d;qIV>WO|z?xdjKdSQI(AFeBp($&xw*hQc`g2z)(2cM;PIBFEHRm1s8s
zR_?a&oF)FS#o)#vYB6p>vNIiTfMg<gS}Jvu;?%eUNrG$VLIPv|pXdPo(72VxRc7}w
zMKR%Hl4Kf@LQRQoj*#E#bMx{^gHE@XkJ4x96H252wt#~i-h)=?>htL&cNGfPUdRaG
z4N<TZbEBj5@W62eL^V*17vO(?3|RwWmQQC`yP7ZW$d(q2fiZLd*-ztol6wPkW}Kri
z=gmSvR+G!J&=#xEdcdnVASS>b>oQxIyriTQ(L_!@7E-#2|5?{){&&~Ju_UdH10SN~
z+Ns;Zk>8o_`H=p(d1$E+ZrVL}jY-BC?Gn!RyCLh6Faty3e{a?ugX`^a`k1(<Z{<sN
zR7=8cfR;05Td7+<4QU`ln3E3LAk#67`>vN&>G(jk)FPkHb(X7IyAur28({w&kf+b>
z`AS<iWE8YN#YG@Pz`CrB0AF?h1SKW_a{5eV?fSWqW;0V3e6wRJ%3Xjk!c%Dqw}4>+
zCy`rAm6_<C0Lzw7h={+@;Hx4n!zmx!S1Kc^l!y_Tu0wLL>%`apYzJHNd4lz6{RTDL
zq!K+x3#S%N3We5iylG4uj}y}+=4z@%WKqB)Eb$1l!`91a*6%BL6&-XGZ}>hkF||kO
z;UQVt^GaZjk_BrLM|AYtl0aUWFDkgI!(rg024-D{e{`(N{TF>fAq4%BG2qZZ@u}Vd
zy5GCv0Y}iIz3h8LLF#IM4+Awa?Zhl7=IcmAJqi$DAdO??M6Dptj-vuZ;3rfb+{8(J
zXQu)d1Lb*E0t(F=4Bfmngx-b?K1Vk>yB=2Zrpjv#{&9DHRxk1@A_k@FkmLZP;B+wm
zBqgEj4)^OhD%oNP_sU1a>DV8l?>kV0aVqZ6y3=KsSWpoBxjqoTJ)*g>wTP=8+vw2b
zArp-u5x`B)$?}d=s@{ARX{l7!4U4s?XhdNy&<Hqpd%SUDxD!Hq$3o0Hj*PC0wa7n0
z!qUGfi`83W>Yw~nGei&E9UKwYh(e+r{Frv|<Me=qE$b~7PSnD{2at#^NvQ>aiNzx@
zrh)8~)FyFP|DNcGNlrp%K{ZHA?zO#_5Nyj@K^B!GjN^s<?`Nm{vy(pL?>gvlL9s+g
z6dh+P?ovirt){fIx&hpw#h&b$IS~9oV})Tiyy791x3H%5yGO@lVnR@ZiI^7<92Oio
zq<^N7(gezXoajx=@t|Y56}whb)oiEMiqBSSF}(EEo1a0kJve}9330iN{>nB8B&9IZ
zeb>Rko_9Lnw-!SJfyQpOhu2!c1@4)ec$|K^Z+(8ZaX#%sf8H<-plr$GPkVgxxXJVu
z8Mo_#DEiFZD}=}Zfi7M|#LL++8C9-C+kS0RdCFVf_?oQx)1sodYbX5KNQU|(Cjn2$
zXU~p9A5^E8D+DjW?Yh3(Y6->p@%%q`$KUCM)Cs`T#uE=gtyG5B&jg-*R7ABq$IpX;
z#%F<IKeI;954(LsIap3kYX1n4sk*Ql6Bz?O4Ed4>&FQrH7#c>s3O|t6pz240j~bIl
zoQ|DmO^rzi;RZsSvwj|17$aQ~X9BGweVwJDzN_#7zK-WN-q?`k+EbB*_%V7vT@I{o
z5)HJ~5ia;o_#fB7fH4e1Oxq74Hik<=C;a&O<ky!F^bLGKrfG`T$lJ)z)h3*_K8Dyd
zCF0|j2q_wm=1xWRDTEMB1~FJDltV+5D|7aW(a%$DYY~h^m;}e{JcV&P7SEVyP>Cmx
z-i$?7F|HFfpvLeJP;#R3)n~7Ne*5y`;^XP7lZy*}An(Y<asC(>$nuFOX=``37VHsD
zW;~~utPrQgOa`}S_k68?0_<wf(`V^(FeV+Qhw0%{(!uyHh@+n4dkw;B+c&L$m3Lme
zi?lGYt{IrSE)NgW@6v-L)1zFK$>Bj#J^rru(i!D-spfgZCja!02jgd>gUJ(p@ZI6F
z!)J$2o;-a#Iy}-7{oUc@=tv)o4-V9mXa3<3+qNGK>%ptT=X+SlIMzm(PB40gGfM(t
z<C?uB1ND#io`+U&FswHi`<uRZJ{yL7wz+=T-Qy%h;pVEbu6!cn7lnztxw%QBKt5AV
z39K9o*6;iGrL%foxWRMiswx1$5Om^rHrVNm!b_mn6BLqTMI1xuMWyfimKv&G@oP+x
zg-MS>PE$6@MTx|i|BXgVR6{|o&ZniRD6^rp@de#bh&>Y7xfnwS?tnPMQC?=t`GOWj
zaLnKKlk61v<sxyN;54Jk9<nCAg6yej!oN7)k(Wz0cfp}0jvgl_%lRtd9+KvPP1sFM
zC%$_SC@pkS>*~f-nT?QBc#8#pUc>SVn?dx%i+)eA-w;~}87Nase{XyfLg+yV2eDSf
zu${gVtb2-L@k6FG)gK1{5Kqx=NWHMS7EJ@XH&ytZ0ahm<If{m(z%GE0YB;4(T<a{_
z9?MDJp_=ra=fh})MneuS13iQWu(MMMF8j1)b*70IXl0Ly`0pT34BJLzc`w84cj>`B
z470*pzT0|S+5lXM+?<h@8^*OP>%8y=-9_c56%F*>{ba!AaFiYfdk<dpmoNhmP>33i
zkB9_y?_h)4vQglNTjkoV$zfBUVQnd)8xl1U?^JLaNn42j|JZxe<;0PFUvz)wDTwZS
zV|A}n*cyzx?0wcgVL$?7kgXw8ppG47A*qbeSV+deStsJY#(ll}BsY|qniy<%b#=9?
zD*4b|1}T-w{AcEW{QYttQTDQBfBt%>c_EKyx!&F@5Onu!rXr}sove#-uXu*Z?ykzC
zMx$F(Be;_@6!4noQ&8C;@@t3-inuJuO5je`jl@|J<j4bk$^$zmxKj!8UfJ$PwDM6Q
zH}Z)R>W&6+VxjOZd$L9*Gm4rQ7JVjPd2UDI29JJfhEDXDpd?sQ%9ksi#ZA~piG94d
zx+Qg%rj?c&c#*CDt{F!uuF~<#L(mOTeoK-bz%If2P?3F)2D}{Vd|Xj-d1#;1A|I7v
z-=ZgVV8284=4H)Gqt!gHW20Xhm_roj%~m~62PTP(Q?*FTS$>R`0ouk(<)lpbNKz+G
zE*lLola_bQcwaxRhL|gR0G25v&-n1m#x?Stx@FR8J(+Hb5QbVURBn0PYxA%F*#(Ls
zNZN;r5)TDMy}p(Hi!@P@^Am=AS0eiS&*?2tK2)tC_3o-G;G6e<{IAkh${~uZD74=-
zD+$@P!j=6I|8uWiJDDq2?z1eLHIi&37++;XL^sTq&%5T*X%$6W2Stw{T~<`|FEcik
zSA9`_Btie%WT#BFsmEOM%FuUJ$4@0|qP_?HLafcwKE^0gcerM{@@-x|C6MS$@~-Km
z*2%A>x<q^=$lVs_WS~_jZM~{hqpSr~vy!Q~naP0xi%^Qa6PlTJ_vD6l^h97Eadt!+
zRkj$nG=PxdAENJZlm{1SnVvI8(X%8|>&<L18n|xkF?80kV`YknT`-OjL%U0=ymwgE
z>qD1ECo*j>n_!%+@$4-q4e5X*xlV14u~&~WpQE3%^%+FS=-+{%u7*nNvQ#tgP^RG8
zE>_8Mi>nl%T1+yGo=7%ca-f|`y(3DSEL7-RZ7tL9F#l`rkKC`U!D@Hm_d<OmzArZ=
zswMKckcJ+^cl+e~WfBXjc0pyJc&2d`C{|C1>@+I5oA_nRWG6Fi9!OoOL?LS@RN|yb
z<GxI$If<7J$!x6|K-DXvB&}aU{4Q0eA5tyISZ7Ag$H(-sP_P~1=_)Y>^Ubo7c$Zn3
z`?g!r_m4FmgZ$LlndNHmDF-g7CcZ=j*Kj8!PfD(ji*PkEh^FkxT;h^v_hZw|Bhc9#
zgsp-X?2z&lE!~Ig$S8sGisI=!r>9YcOuyeb7VPDwwR{ZkF{nXddZSE5<e@AP!*gG7
zqiW<J6`RjhY*4jqvI*)cJygh<J0BY8;-+caI0v`{?;$s#cm*;D*Jz9qhcvbyYHeiK
zu_tR3Lc#;O^EjM%|I}Qu?+|mnY2`lIN`1qMojIw=zH6YIC|rS1IWE`}4#Rdv;gh+v
zPipP2*h<W!dJlV!v`B=?c|x+rxK@&GeB4Rw@kcJunvY@M)Ge#2NnU2u*qJA6qSPKy
zX?|9~xa~N>ADnEHvC*-b=?ss7vrJCvCsr9EYPO;#a;5yc`LJ~2=1+l>nkShsoh0*9
zVymFj{igzy3`Z7G5k~w-uxO8TxIQNNi1CL<?3aq$_18Uj!J#p16oJ{&3eUBJ(u6-Y
zQh&~~z<rKqVF#rQr$ZJQzg2M6OkE(pS)3(Pk;Cdf9Y$$=H$=m9Sd0#jdnM|>i5?qO
zFHsJzwS3IoIqTwtN}OGy2x7mXq6f!rJcdOT^+_$lR#ogsB~i0T&B?ctA`*{q<%@zN
zbc|&W%BlXU*k##io1ez{X44@5AjLY(4M9)Mci-d2UvoxsCQ}r7GnY<-xIR(oD9TyI
zk>?^;Gu!3d6dlodMP;*=O^%IPvcbJ;q`MU$d3G&1CeZnO-92zTlXDHFhZfssqp0b^
z=kDI%R=^ROi4&}f=z3~Cl&S{~<daC@(m`ilHLEnwUn*|R#}+q<^5=cmMC)Bm&CoWN
zcKI48gX<9?TGp@5TB@A?#8S`ktpn3@8fLhodzb0aWxh%jmPq3mi#a=O$?KvQ&1<3W
zLuZ}dSI&KsFM*D*qj?byIzQc&qoOA7n>b}UjT&hEAs_GB4KR!pdT0?jI+&A+dy$VL
z^52Jz$FOjv-XkaKeKq*LhwFO3)2U1Bc`Y+c^OL+1c#os1h0vT~O6J_3Rf+hb+uzkz
zO&#C~tyBd3`V#Z<WwXuv-?>^yYRnzG8d*6=lU!-xJ~NO_pXk9j3k9R)z2;_w@kn5@
zv0a1G)?e=UeQ6aC(aIg7sOl5>Nh1t5UxWmI$y0C+wof*&9O$TOzaU_jSM-V02W6@d
z5?^N>`>y4t*iHBP`8bs1Q=~`bk~1z0lIY{dX2%WFrMYP|$Um@n?1G(F#t7vxWWt?f
zM~&&{n*sWMw!tHZcAj_HGWb0~82%`dG&VO)_FaQxIJWdOFFr1#2OK)}qlZ&BOrush
zcUt(q)(m&6wXjh2Nb4aY|1d+lg&u?dE>L7h!A{QBR>RT`v5+Oj-ay`S@Hi`L>0PI&
z@oN++HhxL0>*dT6NZqStqwlkjBn4#+@&}k{1LfM1JrO4Wl))l02erN+IVCr}tClKc
z8&z%~AA67Ng>x_Np%KZ2gUN+Mt(5p;1+Zx^qd0c#>^x^q7?fd}?4+1FLF{MUsuu&J
zBi>C2VMD=l?uMx422OlkItVhcV9~33;Sm=r(Rh%qgUTG-kQ{Nv8JIVhpaY>+VTCJ#
zNs4<#fvVbwq_`TPd*sG^neZ0j;X%pzW{Mn~x#;HFHBNkuV%JJeSKNmc|DmvQPm!Wc
z;E+qTFn{KekY!Q?ut`Jt1<5}eMc83~!YW2nW_A_27TF>j4V5g}A_kOQw)12>A!sir
zX#qRQ6;E^5cN)1`gn||Ob>S853&oeBD)Kc_<1(>I@>?4RZ_SJPEB7|@n)J&?<Dbpn
z39ujnh%Q;se?~8C`mN|=%XVx8zGM@Gy;dE)tyR-PS|u6XuUYd5QD*rVjw_`|<T3yK
z%g;n*X{AwFtJGRVvwEATAr&D+wGx!oy9b|CSB2^=6BtQ!-GPS3kACX5=24QDJM1=9
z8H%8|mehR`#pu^YLols*RebUt+fA?|FE&FLZ|`LhKi1&m*fEz$?(B9lJN#p#UYShn
zON?lhNgR<iV#VoKigYdYF>@R;JqqO<uUOxCFs)6QyjA9!;xpDk)niB(Bz;SE%je2O
z3R01SG-H%e#JsC*7WntdQ0&xlgf@=Tp&g|b1jhSgH5Ha*swPg+uXoiFQQr+c6k)HV
z;A9Fi-WwV@qbDAXas_;hmVt@u-<r5mo*>ENna<Wsuqze06TLBxFh5{n9{eLIthsy}
zFIHs<ZC1;1&_*iBb2w>eMVZHLD~0C^g^W;C)W-WZQuZ9X47ug4Cyl)MU9!9@v=!i;
z3cquy09NJ-1@A-m(_@a_Rxwn|_WqNQQlZ1q#(P1Y3w?-SBA?R6jwMs#4Hj>bKMy6Q
zmbo9OGiAmKN%7f-WJlFgQIaN?&EJ1QH=SU*O>AoX^xutUGsVDaEpj1dDrxRt+$cfX
zB?QS%zHg;|LZEgVMR^ulSZQ>)N7)k(-<?m~<>BX78`lwcRfrRXkz026)Tjt;ea#i1
zEN%h$oUOH*7?+r{mCeJci&#<zhA*<~NwLFaqt)y=AKlQYq#>gs{%mtZITShKCj!HB
zbMpZeIh8+OH4&ZK{l_S(4G8wLS1#-z=-ZjOtY3!Z1iPm3$=PUDZ!42)-DNX+3QM6Y
zGDtD_DOR6~LadYW{mklM=eOs6wv%ROCs*cOGcj|1ATqw$>{gfkyF6!?FfpR+O_aoB
zA_}7@-n`4h5!vA29_1;n^@OaPtf=yQ5_3R3$orc=qS3581QR&f*#ghZu%%<A7`wo<
zZJdHdQpR<siNkB8{x%y49G9!Ea<jxBJhrDcqh$kS$(lRgWApa1NExgPb-Z-SELgPN
z<a=}_102N+lcIAUAN@k=5X2k0Z|2P1Y+w;}9ooIB;j)S@j8a2T5kF2zcF+cwqrKI1
z_X70ncY<ApgD9wqC{L+tK0X6uLL92NrvCId{@2`$K}d;><niN2*K#q~4(=6NoEYbA
z9s8O5VGMY@21$w`(a0;1jEy3|QXl=DxMq1~{+ulW9IwIkPz2r=m(t@XM4q&Q>oO6k
zt`j!)N#v?KP~kpl{%#&>`gQOfNZn&m4O7i2U7XFNw5~-Q)c6T4^n{#F7h@$OT;8&@
z6vg;X2?}RfX_|W&YlD!uLF^;AxQ5cX>b7zhZH3m!u2dn<HspCo)2cF<ATlcQphonV
zCV8gLFYz);k!AgBsScks8eO97lvPeh#1T}_|0pmWsvSWn1OMaK9JMcBu8rE%;Wb_Z
z`bS`eJ2H>TX)8Jg_7%9;Iw?vgPkndgpc=|}8O<t06BW2(qB=AKg64amDBP^4pAnHR
zT@&O5^6`6D(RmwHUn)|5E147(|4+53J4YY5uh(mn(y{!N$amOf5L9&8ioHzolhL_?
z&hKm=zAq#zjT-kv=nlSixMLpH<JncP)!GzRV;cDFv-7%J#-eKy+(nCIY{mrkBh1vi
z9fe`K!@QWCBjmg+Z!eVIGB2hCQ$Rk5f~AC<e5eE2S$k#M7`k|!F3qCF<UXGqCrp={
zQb#PVI4MbQS0|YLJKH%vkQv0u7pIwSb(%(}*}bQzO!E|v01gq}=RLrca=v|3esPCi
z-pZfdo@!MJXZ&xi(OLWbubJ)`9dJmts$Tu)SI)cQFyE!ksYE!Mxn|M4$4bv#v?NI?
z7wt1HcT<-{w%MgfY-_|Qd5%Y;+2pZgkTcS$#3K>t{^KlhK0Rh4Rbcq$=2+ooz0U@(
zTi~MK=VwBxrG-(`kHQBOlp*o8MguodtC6XdlIG`IcR$R9Fjtsr30Z?hMSq!yCVTpJ
z#cry1wdi85309EoiabZ$&+4`ig)3*7mIWwB8cnkE>Gu*aK4+TwQ@PNgvre%aF0X=2
zP!==^o43lx6(QY|!2TJX2nZ_5EUx_(9YeLLs>ZfgCUUIeO(lEH9IFdcc^rUvJgH&o
z6K^K+iRQUWIMPd?kFBMh+!NI`TIMmjP41v*<lamIR)|lnV*d;x+x@s{qVp=>nF5ka
zQ(tv%(x|*vw)`Ty7LF>4`vNm`KROAn#mD<~K?n3ZdXY>I+nMgJ()(ju3iCN(_@767
zyEQt0UsT+N&ENCl!PnpvIP262?N<5w?h~Kw!s*ZWS()^ptMZG=Ykn<~OVB)#*+<#j
zIOc`sAd@2`1S{99*|Z^X!WR_YdC{!>pSd5s$>${7IcE~dcgrzTG6RClE}>4wPMt<s
zALILFAt@G$yd>bH*(F&m$eV>z9P=CJW^%CV9PiQD3*|wvG^#*!5G<<*<pksgO{Tv!
z3Uj^8t>1f<eVIMv=1ZeSb)UlTSSfAYm(~MSsRiJb>-&ul<n9_$)v-P9LnXV<k8%*8
zD*2679o9U8oOPpkNBg;apbFo{t22VkI6kSb1oEKPY;%cZsZ0$bt2_v>l9N6zGjpfR
z6WZ--5$&&?1=%d@ZS?!dQ@>Pp9XrZ|V(C1XOWQ||h3r@^HovsFbQ3Sr<jAnvW@-}6
z-3*&{^b{5e`Gu-kulA@49JWt?J=u$?V=%GGA)5)&?*%Xr%DceoDM}jnQ->D<5v!H)
zn6~ZMm^{!;lReF$PGCXylpVOn3d$J1y-1*LR(3Fax<pC+OO#w#KW1|3hYDfs)!lWj
zbpJwj-%UZi?j8a;ESKjFAa0{JL%*WMQ>6^t9e^*B|Fs8|`3Ew;upglsBq$Q0eDfhW
zJ;=d{9e_n0cO@`)OtoW9)}<{xH|-kFQ>nl;{=h>|nvg7nBg!F$bA4A|(Y4vw1+XS+
zyt_oupv$nColz^(M_|T#t9?g>Bw_pCD??ZyY5d7$wU76)UmsUE1$;O3Fu%H+q)B~z
z4+Md79%JM#!lcc)3Bc4%0RJ)T2d-DR&+kZ@4}LT=eS8i1F?mi9vS#;9hNRvA!Rlz<
z<JR-z7n!C7{c-d6o9k{l$jBgI2%Pd4-NqP}VOp&g$8ZdD!M1-zPpV|yyJ3MG&|5}v
zyc<idno4Q2!hMU9<B6ZoH<Opgtrl#?4n=2)vidwXw9#x=@E3CA8(h0u9+yWE8Q#dy
zrUj#5Cc|am9lax7(Ai~qA$b*++Dzw#0AJ+tD>+XjH!!=c;&dzfS3slmIxXaDsyGH4
z4IH-Hb=h$z2x|LX;SR2db){|@1FHRUze^?Ty-)6cEu6wHcjKga<@>nk=ZFK7qy=I7
z>j;DYJ?_s*qaozV9}X7~r_#Z0lF`d^`>~fOb&|C4!eg2yDkfb<aSIhW6}wD6&-)FO
z&#Sn$5O`DWE&RQ(=yuY(2xaA;2AJOMl8qkI${*9hzTuJ-`S>6diDwvE8$qU|QIkMk
z#gD#El*#+18#Zc5jJ4zd<P}B)@mQVNSM;7tH$_<ad9^8#yE1DMEr==@v~NC!)|^C#
zlFckyqf(u20d!U0=I$aJ`8=@3pW{&c1M|t4B%SzoWa2bJC$-F1P6RQW-ye+>e3(0a
z>@1U$H1>ZUopa|1R~bp{-aC=<<=-)bskL<DKh}$jqrKQ0;1+Ja609gIa<N-JC$C!}
z(7|ljaP>%$!j`ppjYOejz_~Ap4YT!(xLEI-OA|%JP}TK4nXUViW-of2`A(~n!dHhy
zYgAMA>e(j89*-j|<xdEgjle}jnPEdR+b&BHeOEeZ%-x{(0lb222nN;aAjCgbromxk
zLo~Q3=fB9f!?-T^o<%fEPMWu2V;3j}YljtwUacOj$|bN{qLesk<C*%hW~=pVZCO<z
zyvX#yyK4Dl{?MZ6KTnLSlbhsz=KUhL%f>-l1j9vUr%qX)PO?^uS1!+@ykrnNp^F=K
z0sQkSw@NMiZk_rO;mH$sbH~TK-PHL;HQZB#c@HGe?_@sZ8(6JJFZG7#^hF#K4QK@&
zGI?@ST<TiCWGBvM=Bp4>(q$uqd0O#xWH}PB&UejdSrisHOLyhi*i3ZOcUhl5gi-pT
z2xA>=x`v&I`$&c$lU~%pTFWSe^*HlgtC=;HAB*_PXxTIy2=;&w^JU5@#&CG;yApls
z{6Nk=@h~g7P2MZ5OuW!5HO_h1vt~(D^i_1o5#DD4(Zc@&d6lakUefnnPcd>k64%!*
zp-5REMBvFAc`0BX1N(x7SZJI+*Bmc&vUqoJ$P(JY8vM`PznL4h*fUD19vjG~lba@$
zyt<MdzK)371lPTy_MrhQ=>eESr7XZ;4hFF+nE5<fc~}y27~6WqbV>P~J$2=p)rvAV
z#EBpkS3uJEC0@D#25-2Holu>-AJbn;GJsP14xLOvL*Ta<SQc6H)n$QG^iZ`UDybrr
zb+vE^-kqw>h&*=@L07qH^T|va#P@MRauRFA4%IBXG~e`03nyRA9@G2?ElCApXBoH&
z=Ho%!0(%?bFZU(7V0K8(5MxdA?zSggjfMLn>OmNz%y5ING8(vyFG;iG*hTf4rd@EE
z6p$u|BAsM)BnOagAH%BzB+l}($ubO6u%V)Ch8#=J&LMK|FzaG9H~uI}a-)ITs9l^V
z9PHdwBC}RNmR($bQ-AbsjSC^l-C+YK0)?@rlj60>jMXdLNd4T-Iw)LSH4=&D^~Xk0
z1Gbw!fbzX?Y5CrW)eFK7y;l-D*2%N5!v)oH6gy#y?AFB^M%B>e>Z`oUA?RtdaU9$_
zdzA{Q)V`ro(>3a6e`c)Y^*QfQGrOPzPFZMqn&WRY)A<q=uNDEJBdP8uSS&GXQbJAy
z#GRQ&4-bAdOOn9hxuNZ@T>G)2x0Na&SryeUn$1#a#4?tBRcealI~<%K3gONx;t0VL
z-pH4aVf{=aI_`auzm0=A_95ssyb}>b;>U33R4jN~$bLa=^Sv^G5`JlxY4|uTrO-Nv
z7oc9Im6M|4WVLLUAxWrtrB${iCYOzWB4fzi9ft%7M)q=*;Idr}YwfV0yu;(Zazb>T
z{GQ2_?^<cnjKU(Z;WM2A;+3471oqFQV7rx#VL=`A(RBT!MXGXJ(Z^Qg+pQhWm)0Vh
z{dz*)bzg|^l)YngB~iOI8YdlgY;?F|+eXK>?R0G0w$ZVzj&0kvo$N2~Ip^Lp#y7_O
zasO1+u9|DDr*`dHYtK2>nop6L*8K$KPm>JOfLH`$zr-HP!qpG_W80%%Xt;BQ+;>Y~
zKlzGuB{6+DFHzh`K8($tVQ$5}8E<tbDWW=)18zw+HNZKRUVts7NY_x4{X>LQ&L%&#
zsGm7eLvrB$EGxYgGK*WPQc_-}P(uMsaWpx(JXIkMM`7fSGm%Y^#F;~aJF|n$FjK1J
zsEKg51q=1aSKFSdeIGJg+jd3JQ0aA=-w)=2{Jt#k2F)KgYG0D|N^MV&_g~A}TKwF3
zRo4dns*4DC-KAiw%`h})<2SXZa}IX`gM3GaHPMy|Cc$Cgr&pW>+lg&u1$8KNc@Sn+
z%3L0E0QBz0JYF#?vUO*d4UpAznGi0@ZQN*9VnV?g2SNq6J46>`3ES@dpPe^vg3;LQ
zlAL5eex>$fuOje!NJ!Po|B*;Cnl+}UTfP5%bP=?hxt!p(ZvAzx2VDF(=Fg-$l|@g#
z$^}~6!w)xNbq{{3wlz(%zZ+G(a=&lO+)8!e=&&h(v?bWy&;R<lb&-)fGr~_(ILy(2
zkXuk}muS6=nY)PESaE(~;Ckq!41-SqZ1U1%_cib_O4E~!o^R}l?TIkU5z(D8Q-Ify
zcUM-K|659fB}Eb>Cod?_MRBa4<6oido0MuA>L~M0Lc#piWL9E2t)t5p8?9NmsxA6u
zw4=O*w_Le^OPiKsT5@O-h_`kvZ#i&}w(^Q%`g+gyJHS@5-Dw}GE`7?O*G>hsn}Y5y
z$!ws>LmHQ4iBRrk=}cSuXjUh^gvt{L1+3yg0(5}_bt8QM<RV`|D26KjR0(ap=@r~Z
zF-&0;8D&AFAepi4+`wQ1Ae+A-mgX3Li7R}BXXv|$2@puPyA{EJ{AXm)pL1@On}R&g
z>6&JGY&bwVL(5Ws-(~twSEb&|gMR^Q`(K+ct`$$O!oJP_Il6x^Ld%|-Fd=7{^ff9k
z{!sez;9_oB&0PhK<v!aDUyT&Dr~$3NGH>eRDyLUb=!@}LI%-b~qe`?_D^|eVImM?C
zq@_Y@gLdW;i=<2X5ma}M!#&BfF|B3XNqN~Aqsuc>=6|DfQMZDke@tG0L}o|^<@ZNs
zsU|d~DWwxp(!f<xQ*xF>{~9a*`M@a=(xK&<<QXJ&1xw0Es}1+0#1_b}V%}4)`eR0U
zm8}eyz5xbyh;Cs#u^c{yp=5-3y&|}r3y(UTU(^Rq_SL1LqrXG!@X(v0V@)R0bnZ_g
zUKw<BIQEiwQ9Jd;y4_+zpUyqPHM=_{PrwzuB_rdo8bT*cZ(>AQx1&J+CmJMa)D#`M
zi7dxmEb%f|ub&K=taac5^;1^zzIa_?_QLqW!;d`T5dKyF6j3AfAmTfoNU=eFxuq#x
zm8l%ud=z)?@j~SjNx&hXhJe;mNitl#<QxOn-lskxyOPs!j$-&nCb&$8lESF)Q_Yxv
z=vqy-vs=Rpr(7Ue@mjPg+sB#&Eut_}*eZ+;+jeetw#wqlSWEhZUT9I$p^o><&2MC3
zQ1{ss5&tQfmdXy%TUwv}B84)W8+Hy6RSo8Y%HF4AL^ho}_nI91A@0A=Q%$A0MY^z<
zd8*=}2I>!&S1$+KsfW+s(h;yjLAB$m6z=i3Y?v_Y@BU5D1y3B>oN3KS{^(c()R;+v
z1*$vZXcraWrk(nry6#=`_(!)VTSfGnh@rYSe5CyS#*sRRXa)ga)nwyRxGMt9uB{>(
zL`cVtPMSVcrhluD$8gF(3Tb<#{{^!bZ9T@1L;xE_h4f}?ckLfZ%B};ZqM`$r+_sKg
z11LLRC4S8h(muvTFOG&=`i<ylDghH8(K8AP=i3hcUn{!+Vs-2t*aWlmudpppoAczo
z@y=Y<EN?tC0V<!}0muG{Ba4CfXiRNRSlfDNk7yi#0Kr{MG9m|<*8)cXQIvsl1N~;g
zT;Bx#)B!~igJG&CUVdJ%X0jSfpUDC|s9|z~=A5-53v?&Kp_!$r^iI;9VPbT+dl)GU
z;pmi6KpMj+iwSHeA@4^d@9}o7ikfKQjn8Ke^&pl8Wa`;IMQ6we+-C5XSlcv3QB$t?
z#k->y2P>j}6Y@<L?0~tV(aTh__nzy>u2dnZ%}+@o{rF@|;@5{&45zU}+<r;a0}H`m
z_DtT<^lf=mKtWs@AwJ$8Dypxs6h}P>Uy${D5Ecv79yuw2#7(CCKQFkgxT2~gDPQkQ
zpGOcRMR7pyku|bI|Mz9mw1{)zr$!_W@00FEj&ll+r(<zPblS|>VKKxz4bD<Tp$4wq
zGd^gn@5GZ6I7KJzpl9M~M;>~Mk5gGU$H09Z)cH!=+C&DaWA|OPl4&AQIF<YOcU&W5
zFch!dvv01c)`U_KF&Hl=+}rA*!QjT?(_TJ}5F`5)B(h79T${ez_b*qzITfEbSaMz(
zE-c^AsUqU1efc&OJ51y|+VqgcR_=V3BI!Dp53%zUzkyp{{q#s*XIt_c;gv1=rRBpe
ztT}kSM}=NRK)LR=6k&Tyf}5Na2mU)mD)i3UR^aOpgd~~69L^Hn7vx_ImMb&UJ<Tei
zp^RtXJ8*;Dw>K2`sG{fY)iWWndv}D+qOvZ~(J_j{?n^>3X=8?qOeXv5?OYNP$YK+M
zoWTuYr|yD*++!GkJMFNS5ZFqLe+@$~zwZa%e7`(8yCd~%v6F^%9z0@H5jQOM)$UxH
ztEr=^`@NX92XPu~3(A!UmU;&(U0448+4zss%CeF*RO;lPxwyTK7D(-cajgUPB5@U>
zd8)<w=Z+5P`>&mxy&y`e*72u&o~3}TPOtz4N%k5=Ni!`N7blgig&%6E)7==a#cSA=
zxCQt!+G3zz%+P9W4r~$kjKJzuQa8Y(!-(%g*5qM6MV|i~(i`W4AoM@%;i?IJq^xgM
z=5AUaD}<AuTNr4DW%>-n8@>Vd=49V*tYUjk<$OZ-|G8v-;?I~!y&n5IW|W*f^kwjU
z)99doj`s55L$kDF@tN+fN^-;S{Hg)S(NWe*^oL6G4&!?4XpWcG9#34v7IAJ*q*P~L
z9&pH-f2SGK8PBueGTlSrNr?q$1~N-!CpU;xA~P1;%B5CcAE)yVFu<ZV^i>~ob6}Hc
z@}=c>kU`<nEeSX`auCPzIOcCk6{euBm6olr&&SR(jm#szrA4wG?+EUO0k46tzCYBZ
z@dm?KSR=A)B`<O+(fjn@5%-OEI4lmc<E^lxp%7n8&U|)k@53y;Zy4Mh+MUc|)7dQP
zs@gKSFnVcibx8;bd=US{4z3(LZic$Q9T)>At0qb<xVt<4q)ZMoD5-mIk4}(mOJ~ol
zq5Vh?a{x~-NI5+YpNA+z^<=K#trR9th78uAuMLiB>_0RL1K5S1CT1tBrnkGKsJg`P
z(@g%1CS@F#KO^-~x5dLur!jvC&rrmVX3DQA|8-#ci&E8MEB=S=R7!m4tDvP}faWj+
z@xWkcF}vq0N?BzC^Ooqp@71<%vebhw{3>m=1;zKaHJ<JhILF)h49-d5{njqTt2G+B
z=szl?w5w!=`QuO@s^<cw6Jt}6j|^_vAv!PjODsYZ^xtg#2NN{bMmz8#*DVSR?fSYR
z<`Xlh*+(aZ=i~~06V=wOjpWWGzFvRqXv;r8K!kn>F^j1lVtNn39rJr`9l1>Tc2C|v
zd;oEBb2FDu`4dXoaCz*#|AJ(Tor(r~5dpSC88o?MJW(@1N3X{A$=Iq_WpVh8e&a(+
zTg5Q}B{DRGM|sMBo*F=Shw6)Dv-pUq_(FfEz-_}b|K8HbS>k^Br|9@ZUpdrVphE2#
zoO>Uq73tIz%u7*~2=yu?l0BFfYkHAzu{VAM`#!<T-bgQL<6X!i5MkC#g;%~h9Z3p%
zJ>it2MN>r%yMXEct}5&Hwu&V3^fdOMgDbqp$JyYH=1x1kI#AN#)r?t|o25Sf(9@FB
z@VduaKk+Y5sYC_^UjiAo*TgMWO2Udaq)2=>Fot`fDi~7lmVC6%Cy`xRHeG4lHJf2j
zCRfw+n6dE(m-(mE)1ulR@#+t&CEsqK?@Jv0=s|y|Qo<k14l)j=slSd!^#QW=<9e@A
z$IrgipSZ5N+d$5o!_v=Z6+Uh_KD`T-_G+=6BGYC-1G=BX%8lkqD9`9-W3s68!I+MH
z5=rVVdW1O=l3v_$KCADZ+?1~n=3&omDcs8uhHIZ*7DIIZ?;Nja?V!|Pq{c-{Ru?e}
zLWl$UEr>6Z`|Xo(!rIN7{0n%`zAxqIGz{dK+6auSY%^nMH|@97?}5&v9Y`&kP34-W
zNgWJ?TTD;wu2;SP+gX-7GJwJ0w*8rP^fSlB)Qk*b{c{mjM+<5jsJ{CV8yJ{45R=^D
z<Qml4*_8bD1G%F$2h7heYJMc*W4vUki)1^QBVe%jN5P+%lwmP8C6dCKAM@iE!~DD-
zO%5{bb&ji~kbcXq%0v=lM|bxk1)XigKjHhkREh3>Be8l&%&pa=Ha=y>u~614z)reS
zn6FeV5}P-P3hf<_63J@6(EOONs~X!rFOKD$+sV1e&c3a|<o%Kf+X66M#+;fx(?1VP
zN9`Xp#`Ws%@_c|Bz65XY(Aq>yNAArDe%&0@k6y_*>6a{dDPy;&#cU8_ccdQY9&{$q
zshFZ|YO7);!;*sCNDu@nRf-_f42&Ofy7D=uF>i4)PrqOrwX7cv!+lMdPH{eES>>iP
zhaR?JyBhd-O=mY@f3-w1fA!T}z+JJ&bTN$kT^i||;*<F&j`Q$!y9(L{qeva7;<(GM
z^fe)Q;zGaGnG?(9l9<R-*e0|i6G$dCJL69k49|26Yf0Y!%^ivMv1y+<A@~`_&ywzI
z&863cr`trT+eM?Rjq~ETGv!5=C(c`f957j}m7vMSOj;GEt+7<}?OK{3F7I=<iDfdQ
z{W!Ed7g}MfCclVOxbAZ)l^|um%F~p+XpyisYxJh56i~21Mc;BjlS<#T0KKeNZ=~U<
zSM6A6rGi@2KgkfL8{Rgt;E+|aE{y`zxqluX2X4LIy%@EV<XHyXT?G0>@cDe4x}kPa
zUzR%-!{)j+%;4)#s;#l2$?GmY)-jHYyn$~m$~qc-xiyg3Kki<Ydpa&+@@?o?1d>FH
zIe5JNll>6C=fCBb+nkY^-3GdM+LZay%J7}Ej78^pwJO;%&mu37*iG}^U%5B0ZepVJ
zNO|fBfi)cQMb%uzbgp?GG0k^wnQ$#0zAM&oEhG?!Ehiq6v*~gXZa$tm%52D%=$WU<
zE9n^r$^Wj=EHp2=8503k(&&E8>>cVgxZU2X$RJk_`5If>2P{*sf1-dFZv<E;B8#it
zsB&(|wzJ$Hob6wht|db)VCp>v^M*Fwk?BUUJW?U+|3=owK5Ao|Z3TwoV_(a6Q5$%@
zk3s!RL0H12driFG)Vm_^CL{^cW~<?sQt${>h@)P9y%LAstyygHb2}}yK-0T&>eook
z5P$vkvi8nze66MwRnG6_;WQt}->4~9lKB;Bv)r!n%cYF}r111D_P2N@eYP>d>yt@C
zcd-dv{dG}C7fF#V)~ClayRj6(2W8!nESteMKdAT=5uo&lv9nbkju7H*vu-{QJfqQp
z*bMMBKJOF3nxww&UGkCJ><K5B542GmImdZimT+n6Fd`G_h`wycjTA$|+8JImby*s(
zi}{*$ah0pm?C`Ch?y%yqd#}yIvuKr-eK<UPL__!XIak!eSZ4!11IxU8LCniP@*r9|
ziaY*zANL~5BkDxJ7nRoq@~2?$e{d~Jx(v_jUfJ2D^JqtlHQB}HQ^j}QjRnW<st}7B
zxa`*DQp;;J2|E4cyxe4ZJGr_VXycc3hi|AO9sHU6yVizps<OLlFovd|n}$;yy}3}g
z_hK&P@+zlrQEZ;bM@Fk775@ag4jHl8g=Inn5A~n~$HQiFjMq)5DPvs!IC9DI)#11T
zSWy6*J5;Tsqq*Q#GIW2uAsuaI$)mKNjx)XB_JulhpWEUcUcSeDRG(Z_a@}aST=GV_
zC<i3|bW*dGDwDG8#XYr`MvG?kM|LW#{l`LkTy2|m``WpCyhOq)m}Tp6RnG?<-r+1}
zyHk=XQ|-;?@|-#xS@;!EvicQ?p!PS<`5-~F6<K2&E~vldegm(!j8CO1TVd!|eHZ$Y
zHP`vdVA=R#YYy{2{8p6pgN{whBOk~t5VsR#+cOAH{E2Ik!KM@q$wj`8jl%Cd?Os`&
zRVHY~Re_kzKSwvdr+?L4RRiq_6%GZfblsjEiT-`gK(hudYY<TKQw9L1yT86v#GyZ9
zi)gRl_kL5qKfeA8z5ge<E}K@Ml-HD%t{Ta|%SZD1KKOC{^t$?L`^7$-<H!PhxAHRo
zdNw=oO-x80KjQcKdOhA!ZpYDc<quo#D}BD7<_899`>{>*V=hQpc0bR0*Rh=RtQZ|u
zZKW>Aon(CkJKl+slX3%OCx)E}Xz$;)>e(U}h<13a$nO5NeJt^JH_#Az|E;9Epf4P5
zRUC4N(#Fz}2mPF=5kDAc)z8eDIQg60kfl=XVLxWbwJkHopEI$L0d)2*6Qj*NRh0Jd
z2ll};>eVZ8T3cnMulm0KynH%}hF6>#j{VsJw52S6Jfz1WN?35;xyADToM~VHJKEa+
z(tn3}yOqDMA)MWh9*+NnG`o6nWI&nMd%|%K-dJ`=|EOfIh5bQHX4paN00F$Zq|%GD
zE5^0cFQ}&;G5*|aP;%OjhKCE;f6asrcG^RLm$V$T6Ob?Oasv;%GyfMXSoX9>kA-HI
z&1Ik{AcnVn_3r@d!$0&3vIdXqRH^Y{<HldzP49LR_|gCj0Il5|h)|vSb1y`gH4{U^
zE{zHtx8%%iP&3tm0X`YgTo2-|WY<%x!X!Lh<D+bZvNI7uoFB?$T|IVxK!O_&*|x=Z
z*Cy5dBLU_MrFfPK`);~~Scgn&4){*#EIS~>T_Wu?MS6t>A>W^Rm{#I&?kO)exECEB
zI5gW=CbdE!iD_ks3k41$(GO7SGXCWcxqjR+=e>^Oz2fZgRMQ`lY#SGGc@<xjoFgp*
zJDHuPnO}AiWD4A*trKnbR}D6rbd_G$Fx>WGtfv1r#N07_+`f?GE3~WXS*@}m-PkB8
zJNmoh?rT9m131mq=JM9Yj1@YCIpOmDlod<Qxy0wV|6(BP-~T>*jE~@ZpMFyXKJFC`
za!eSKKzVKD19kA*{aH=S`_;3=UkYz<q99EJjXBcLRAHi$5SuwtNK-+gB5<(#=<ZjW
zbx5pFQ|Xy`+0~}ab)XX~pZchV$tV^7^kMhEv_~JB?a$TjUkRQ6+5+Eyyt>nOv?P>l
z#E1n1z`8N6=FmAowY0F;(4cwwwz5>N)jLtk47Uh;=E1nOM7UHwp@k3ca<xiX^+}vq
zYOvRMhOWB@KOYyHY5(>X{T@{}XOlgOT52px6tSwJ7m&^-A2*=^faSf15tt;+$#YG}
zu@n2>oFqYn8YTR(2@ijeXbuF%UGtdRRiO!CCNFnOMqiygM9RkalTrT7&v>W({W|I?
z(*6VQx@0(|H8FVARRh-Z8X0GD6m$Cb{_-kTV&4$Ex(lx3j*XG)=Hm*<qwq^=^y;V`
z`df}=sFd1#pwIB))&I?wbQvh4B{C0mv>_B5uG@magYWZyT{4MUT1}z<SYBSm=%lOa
zx2kET(@JSj<4lVk@K3Gaw=kiTOO4&73}4AwdK526$wVJMx24c61$vb*qpdug8#UB!
z*h%CYA>}vJ)`Xh5SCv2W?DTFU-2HLf<aN<|nXo|{2o7lF*+zqOa5w2d8#ufSY{lEi
z2Y^wD3VcSul%f?s;3iT&X`~mJp0Zn{bR)b_!2Xh&RJJTpWPU7uDovM~T-Y}fo?N(|
zkS<m)EJ{>f<=HwRRAr+iIH?FJle`u9J~-a>=ffQzFc=-*+%!AI)3%=mZM!TkKl-&)
ze7{3}dT0NgaRVU)iOaS|t7`3YslEazy({sD!!sG)QCB1lseG?e`#2olrFbqvBKfdG
zHf^tN!nbi^%E<hE%3-3<wCy|v<@U`Z_3ka()jXxUQApSgrjRT}G08L2m;QT%Rx7z)
zD36o4_!!XSYDO)oKBb^AL6Ut!b#$rdB2m68T2k~G4Geb9+SHb-AbXct9kX~n8B+{5
zG_x>8U<+=_jN5B3I6!4@R1;pVTqaOu56-rt;)d{<`y$g3ZJi5RQ`@Ol`?Rc4tdVT~
ztoLJaun~WGK}HW|Ee1H1mS+Ei@T(y<omEmFC!-#eikLe;ql~zXb4_k{?+*VIC}4L~
zykAe`|L_~ji6uQ*M=LbjWz9ja{`PVt^v!m<>>pF{EenWRxLO$|D*MugM)#Pvs!$C2
zl;%e=^82va^m%+q;7U!LKKpk%?3lRzTE8LDJrtSnwM=H6Q*z7XA)RgHxwjp?_I1d&
z<@f?r?*;PA0LP9YKY-h5+dk{PK(m)^z!y;M^@H-mm)bs#E=R<FUPzqa4Kv|eM4<92
zga_rHc=1)k1LJ?F{B|DoCp0AoAocpBes6HGNXLZzgq4y)cMgx`2?G8ZqAL;vEIaKZ
zNH27+N8bIECjc807I255@_;z}mB#}i{`UO=fCPH@>xIcXp9jJ&BXkG)?)-B`8j^pC
zM~M!6%tW9KzMC(#H@3Uq>)0Baf8wFrfG=n|E$|wQF;j~6Q2FJE6TMqSp{Np$AM3m?
z)?-Xw7wY3R#SL3GX_4H-F7E<?n_cNCgnwd7;1#2rvpe`t2Zu;oPp*B(vqE(+`Jv{E
zqm5E^aHq;x(~Zs!yh1f3tl{fw_B#$y3YyQK8XH)C$z2M{57OXVFX5X+Xji~kf`A4J
z;CEkxjV~(AkCp0=C9=r1<U=?h;H4>v#(yn+VXDZ5yotFi`_-^xVan^>g}j)PD7(mV
z?^cX*vbQ3$ga!H$shD$wKj~;kG$YWCbvGU5mppM0Ax!iaHwLRz&`q;wEXuEsO+%6J
zpIZlO1tKs>F#bMUE5qC)K!K?!{>cwNe)=2!tlZC`rB}k0?N;WLJASX|>D)cv7g^~|
z_OYv*?5Hc(!Oa`|>CsF>(-+yH^gFr>*YG>KPJh9IPB;!#F?UQ|AH+kQ7i!gChdORD
z>{~q|m!7MDYp_F|yiT|z*Zcx;`7Ow?4*MdcBv=1CI{B?&`gzQ;j++v9%x>J8O{B^4
zo307sL+QM%A4$x+=Z@rF+wa4!Q(-sR(p$Jk+%J3%C1nE&)dB2NDmQG9(M-r6`qB{F
z$6s>pP&da~d)RsKU`c{`f0#{vzVyR`sm)cf;BSLH1`=;<QmrxO;gJ&1_uVS-fsKg^
zyuxH8#qPW|QxXbpQ4L0a(1G{^2tfzKKQ5-c5wb>>%iX6*8Wb8wyP7H2NJTS?%oEXU
z?hx{22)=u*3Q!Z)yh^C)W*H5HQfJN2qmDY+Z76Np@3Tu(O{!&0Z;GA^n#D_Jw{`hT
zXRfAIinb7QlI7L}c1eFoI@>MAqUC||wm~1lZOFO@VlT1@s+9MjCVVe0yT|{G6bdJx
z?X(^M_r2S+Vo9$%GS#$WUIOVzTPMTZVL&}<7JVQMLeKpR@c7^DhMn_=Z_Mtrdjt^3
z%7+Hb-2*Cp_;OL`!2p5ZzGTYe_+{2=pilCS+`N#8{;*N`6JY{^{}?TnjY6s9iRTkN
z>Zcf(NGO>SZ5wl{$}f`Q8)Jw9U6yy|npWkEOwR9(3|2r<%jm(2DWDw%L9Ha0=KU+f
z<w5%;!1r-Su<}WI<e1PppyroM<ltF}PS*;IPWBl5y_@YK8Rd866Pnz8=<S%hnGkbw
z;9=Ao__KOOJ8NJH$f2KTy}~-`eSVFuPgUW=|NX<@YS#NE8@l8{URyr64i4fC`c_cz
zLrU!t&9(EVJHBQmL@yLn-CuhvTO3mNb?{--$!d0Z*6ouqzhtzoP3MR6s@1^#Rgv8i
z(2iOI9@ck9HOvsLO*JkkhL_u(R6MyAbC1r(bU4A;Z!c(sV<~f9P6AIlt7Y~K0^G%I
zmK`Lt9x4pG=Q|%N_yd*gTmaYt3&RB<sx}1V=^)%2oK=$beGJ3{6KW$O94fTn6Ag|n
z@>&J5*a&t^8?$Eh4^KX+Cm*&PWn+31lkUqzQr&wqVt&!I&PX3~a4fgS*A}YenTLH@
zu-H?~EQ>jXd=$l60duI<KWi;QsXuYk4I}H7jq<^1%spNf=Y2;mU^3!?;h-1Yo2gK;
zz*8~sFZrhrIcO7@o^JR7?sVj2Ex{z^9aobn0ux_q0gid__lY&#hOq(J$?yb#w+n-d
z5<cHxIAj!a@G~z5NLJOm&dGW~T^#Yq1ZQw=wI6|8wBX-DIj`xxXmv&UR&45$B_S|G
zJQq_Q7WAcSs?IwY$oM(|&sBs$WEc_iGY5F@@MRW@bCBF7sIUDMHH@=9BQjZRe_Pm+
zjPD$m08l-5#g5Y<<9!IG3yFaFVu*w)jId>rn8$2_R{!>blN{fYz$O;crDY>>lS-mP
zTW8_;k2XvD=3{AMQ<|a;v>rzlGt}RH@pvx8$?oRh-X}3`qRJ4aCXsu8HJ*ha)EpSV
z4Lv7h*4umdsCXrv2PkWT_vUWquxN_Hdl5bN<u@ceJlHc|gsTV}l)PyH1XdGn|I9%6
z<%KgB!B?1rTlx2+1(z}H{5TGs?CX}^Y?NlneBkN0$S<T1>^tko8D_xw<H_r;-K3^L
z47X1Nx6*rx$JSh-2(6&#9qp|uzg=wrntxsU<?Lwm@TdYxM~Jkpv;8Netb&t6=7UK=
zKsuQ0gt1|wV42$D-iGw)wjvm?`^_y*&!?o#yeF+(t$~(C0<Ef$dYPlQ0=Zb#U6aP|
zyzH40{gg=VRt6g!0SmL3%W@@{P5zkEGQORQi*PcB+-1zzjxDH02pmgItu6<CyGw>E
z`U5y+s1cUS*FCcs9w1m(6RB*>3?D3rgE2)lO2wJ5ibyejadb_=gF-RMSvkb#Iq@8Q
zs5MAC<~TU_lq_8Ozaog_NsSzPC2aqIli%VWaLb1d&7p+m<Gol_EzdR%dKH(QRyEhE
zRM5kg1KfxDmP;zr0`%zwr&Eh^5D=EqB;I&fIoaYc@sZ5;v{MS3i`FwH;Gz~o<ph+Q
zm2{;{Ya8&Hzp4(KxHDXrx>t)b9XL$QP(|naTM@dHL8BgvXpBwAhGO6PmaM0j@;EwG
zJorvR#t=57G7d#M_g!<8O<yEk>G^td3VIl>Rz97GZVO;Jjrb6}b>MdHLOR@VtdQiW
zvYG|$9lo7k3G_Q<mIuwE!Pfekh{Ai+LL!czjZ4E`q6}@zJ^H5F$iSzU8?0)Al^3jz
zF%IB|uEzvU&9@j>+!>iTeeJpHa*XNMg`;BNi*qiD^Cwq-?aamW_QX``!Ova?x|hQ|
zy|PI7PlOlNA=$Dlx&DPKmCNs%gFGpRyOrI8l!Xkb?mtfkh3}s^x}ROTw(##{Oy8w&
zX0+aBI3LcG!5PgO!8SY=168CsEwf;-=kp2UMTlZ=xRlSl&F&_XB8d)nmiajyEy=^e
zy035uuLO5F%(!ei^!ZHvqmkVdcmXec<Q@GRoHFPP9w%fH3AM|NzDmFI3JS9q0r%F@
zw<@OB-oiu7{PwnQFDkegL8I3FUpM4f;;$86_g~S1{HipQdV>DZe`j>Tpb$+#s-uEe
znxN+o)zQd?Wo(B8+UGqT4^?FlMAbbDt6J@yB-w)8^$4TbF*^Ag1iWk>2CKoA9IXtC
z1emo|S~P6nmVegHoWAEO|70|^`vTY*5bF$*h{{ovu(6x)TAT;U0w6IfXXR9emGVd>
z`n67wvIMk$XXKV&d?;wGBtQ|1h0I@0D2XM|^POh=GS^+hy~kgkGb+K=cFF_9kg=N>
zZ>AW_T^Jwd^!8N4qv#seU}s*#SLGOjxL~D!8j#lc6umzQ9EJ8RFt<ZVAe63~Jr&Fo
z*c>Nt{<O`Kzx(^;W%X>L8hC3w5WY;M%(to~oYX5?Ugron4Jks<FF&p0c`}%OQuIFJ
zwZD5Z$jsJ?p@`7jsj>0q1zkT!_X-P*c+W{ye;tKiIu2nw9O4B|9qi+}uZKH%rvc<)
z(e<Bc_^wunbj_u4`hLb3e_GIbhLE4rWSxy=(@7=ZYfDgFKeunqxbpM|^?fXzQMXT2
z<@SKY6m@ql4DQb8AA{?7`<7T23p@{o7yO1BDPCid$6&e<XUnQ~qQ@VZcof^e2p{XK
z;&N-9U0|sTqEMZO-^yB<zldrEUD(x6i*i0aHT7&-#CWRuQ6gu=n6tKNY-ODf+G&v2
zdaA64brF>d%`BLJK!A90`Qi2Svxbxo9UZWVwc%uh5EY#-r#6+>AfI0vlMXk8hXv<c
z(TKj?-6ZsGOI`_G@A_*j%LX8zF4bFG2t&+#u2Y4^za@0^*^JwleBg>^VQ5Z5{>h?5
zPfmW*j2O0tQ!75Fs%uq%9P3S{1wErr$I)cw3FQa(0}+!bY$+~TD6wS~yS62S&c2;u
z`vg@~jdgIw<H>D8>igm0f=d)EDIK-wyP1XK4{c~#>G<w7>36erDl<^r)9Me(!_F~x
zup6`bwlk3@P&M>(i^mav{<59!jLgSyqYi(z!)FYMacyoA@&w1szQPKdL+i`weJiMZ
zg<CntN?>0|_GhdYoejF^moh-_-7y4do@=Xocl98W+Jr<K?mXZQe0_Ce;&t>OCb{iT
z-U{sGjFWD?X<?d2B=a?wiad`Vnhu>Z<ckw-#R>JpcXX7+3_YT$^)$`xYJi%jFuAoi
zg0xYY7nL-av-(T#ph-mgi=jvT-^|5U?KzC2q><?8%up5?KpqZ3>~KGMfl#ajQy7G9
zY6#S`#1BpeC20V5DrLVy9klc1N5rkzHNTCt7_2jcv7mhyw&$F(DfbU`Cn#pSoHc1G
z5Z-RKCQhWz-6i8tUQYe*<aMD504b10?smQf|EcDV{6<D$JCYx#6b!ZC_#T<7J-QpP
zwRX0b<^wozqDoVj{`A;6{PFsKx%ZDR8ME#X<%gQ-Tg*Ni*kIP;F(mN&8|)ehTCtgL
zzNZIH&PA;tUQSigTMOvxQG1!?n|>}`#FHW#{g8++Zt<toc4M07bM@G(nj8o(n4GTk
zw>Omz;RCT)))(!K-^aScCy-8x9|E+HgLgE0=37<Huz|ajI*je9c7>Ut8tp$MH#0G)
zwwuGvVaS$raxAlOK<3;*_&Kq|Mad&_Yl(g@Q;v)&rN8J+)1Z!FOH~HsXlPk6XAc-D
zML7os7j!*Bf`r6V#iXZq^CfaJ#`V50hBdhnMO<n;f2Pk7%Hn+%a2x)$Vve(;A*viE
zN{nnZd!L(`BSi=CG_VO(a!jNuHy4(%v-9Wshb?UNo$yQzoenJ-J0t?iBru)cjLVbV
zWOv{u1RuOe>yk=$l0zY(Ios-o)CHP^Qh0W~>`Hp<Ya7SXI@iLm6-DEEiQV>EPStc{
zMf25QUlkw*ed$CHkpULB30+lFknXc6;I{nyb#L-10^1Rj;Ahe>GP{?eXE)nbc-AOs
z<*ZVO<@TP5KJRJbd2@M#R&uyZbR8y+6*OC|o$|IhH|V+wxuX&!<}FQ>Z61IxqkxzF
zAt)Zg#kPO<q1h9eI?|djGKEz~{GybKg-ad;i3&VgXqofu4&eQhqLk%iKqFJ|f}4Uv
zT4EK1e}4LV``j+F3bNfpq`)SSg)g-VqUVEX0{-z$#!SGy{+o=M<;b%Mj6r>4DRK2h
zWAm*2k`Qhr2m!c6Cg4TZetISJNeFTEpo;%5Xva}W_&?z9>mNRV1_17kRxT8k!~cc)
z@6z8@Q9Iq(nSvL6cqjdfy?bV*^xeL<QTpos=D~3{I(|!vUwmU>H~-<mQ7}p4`ZYHH
z#l!)rpodIu!rD;(;lZ8a>Cb@stp*#VBVJ22)qk(H7h{D|=q6i*|DnInb|wGAf-mmN
zvfI{|kj%^!r+B`}75RV2)lt_sxk^_9%1?EE-0RpMT`n4>{K#462;bHE&Ghw~DV!QY
zG>x}7E7JN~w_CEDk{)+_$}aM}kb6B|)xCs~Z`^Pc%_k=a)Nqlwq}m>kX?o5Mk^Os4
z^pxH6!@=?|4tL5svPEE-UbjtB(W7;D`2l|DY~e*zQg)r>Dz-0aMCY~o0)Tse9fNml
z>cuq@*~H8%(JHc@S<z*P@M*tm0yy%y_z`P%!FlNWk;#_?jKAYo{1WG)_<xSZfD*5S
zlt7Y0-=dG$|34>h?Q*kQ2F_bDDMkK2E7)g0Zz}wV-R`CNZu5Uz`Z$uD0|58``?3B{
zME`sBzv8&1c8dG2NXLNcUR&g$Lf=s$HGhhoZ~=fMkox3=|Ba`IK0M6p#7jyIy!#`s
zi}($`hC1~1%3SmP#)E%jF30RPt9i<m6~4qR%@nyEfu{f2C9b7U^X0Ckci4Q|yO1CH
zlKzjX0o?yqH9le=kq&()_>+LQ?-Cmy`ya6i2`I-HM^?lje~dkRL_9_!hzRj9rEn!J
zNVXwT35%n>v^KoA>q-^YMp|e+lGyI9F-W9vU&)s-ild7f<F~(tJ=1~lK&w~6^?wd#
zAACTP->-!KhC=`6{v?hM;BNU9hoHw^ZiG?+`~Ck>pI-coGLvq1ztyLq(Eq4UL!tkp
zK50cT@yY)OD}YV-tv;D}<wYTVt54X3fPHWium7k|QAkO*{{IWg$;A0D@OQ<};E}S}
zgj;Vc^5KR57wW%Ce^;fKANW6|L-+346i|i7UhHcx*}-Nczgsv!dHwIE<2fi%C`9*)
zB(l)L6Nw$Zqw`?@u77>u>l^>`8)K>FbMA7eQ2d`@|MP9Xvn%~)_pKs5y)H~`*qnzp
zFjMY>pOUJe#<ELc6Y6fVn0S@?0``T!zT@8(-y{FNm%#5Bll&8ySSTs`V}qiA_>nkd
zCT{Bm;*!{3wu}Wu@OFP}6cnMP#sv6%cmDHJw|`2#<FADu|8VIZ2F~ymejw@X3%?Qq
zfZ&I|d5(9%FNBCPBN8Ta@nbIN`bexT^GZ8EOM9@!qF~UzwO|)smr^h?Cf+iNb9fTw
z1Y+h>vGdjPF<ETMa~LLbR|Gnp%ug28W<Gw55PXLCHzs+HKMa^?wJFBD_#+uG=nPRT
z4Bh@w$Xs9_q{4Mp3^qDX1M=Vr)wEn8bcm=cX79~d;E;%98kxt>cWnFA`#YzjetxX)
z{XeoM-Xn-C|LAY`g|<?kV<vQ7Zmjj%Q$ahrVpLu`nOB*CRcLndg3Ms%(NksQIjP7w
z48z4Q=MPH#wATOW3EOg1BAC$f?Fuk^;n6RDA6*TvE;+ldBmQqIgO?*m2F(_y77lkv
zse#|s*`RgNyVwXMkPyjh^foBEWcYVx+fTGAl5Y#)>Y$~>{kr3N7w^K;I)zUe@Gk+-
zO2b<h`s=@a0=kc%;lu(m;QcXuFjg@7aycvP@`=g~HSl?^20c}2=JtR!xjOxZ7hM&3
zu9Cb7=i3b0VN|L5<HXw}p-c_x{orY7><+v0pHgod!8ANdFRg{g*SzsX)zGP$=Em1p
zGJ!5&gKh=1T#l`e<IRuxq|mQCk)4xLa4KP(;1j9Mbk?>MGfpgNSUp$k-WEF#xwhW|
zipez4Nj?PRVqBmz5nG`RT|^SnNA2iB;i&~Ih?%!`y7H2>Li%DM3lKhM25rQ?xT}<<
z-ov5fwjBuGv)aBL+)axEM;S1YrSx(Ndvd#g<;3+i@JzE6M)nwxS!ZZTOS;ozU^XPI
zWbj$tM;$Bw6C18EbyFVCUm&Q2V0b3gO(wA!@kYaHhd;*KB%h8)buS6|q(r}*@+iz7
z<tCY;DbrS(O_r!XhLl4`ifGl+-;H-qef!iOx0E{K>eY-({kM^+H?OJU5Uk>rDm&U}
zZUvN?=M<^okkFV6D36*mTO9<}r~!pydMMjW=vA1Sh^W45Gr%XqnO?*m9h#Y_d3d9-
z3httCE>T%L>rN9uhd>|QE0lqCQOk}v7+v(&wIQ5;;f;}daXDbGZYb*66Y2(>wNZoD
zk5?(|op}q($@>;6Oi30R)2eEl4P9q%c&EUqZ%PDl7}p96oc9LR0_8pC?*ly1Q#8Rr
z_7CmyN^i59I@22_=$0X=y@8klXAky|hoQT{eB!VO`1;2!?2*bwRdovv9SJayTIzeY
zB>$dLqC~hdJNTo$DwssZsFalMs|ly2<xZF3ry4e>AS;!drgS`{hw$CCb?N49$A)m0
zth=}tjG<@}34CvdPh$@ST({eehhZ(9t{LU-M6N_eS8m27KO>z;D{(|DTiOr=vC4R^
z{8E=sL_C{(XusVlFAHYyez|@53yC)_mG&~C#~m1$Q$;OxngjLGQ_A`)>~IpE+c%Jy
zl6=Nop+azs0vIq+CN|8d19EnKlx@LoaA$KGS_iB#|9?v!_%d1(Y8e?@mT+24Zv}Y~
z31&22He(T#Fh?j4UXo|4Gy2itMbk=&M&RzVw|?YPCY+YP+p9)9d(^#OAVf^K4~vbV
zxYrr?w>5P;3f;{vGiBPbLycV66j*qp)@OdB_o&N_37M8yf0WW&Pd-^AMD%MFe_L9X
zZuC?YY3L4c`y5M}gycFs@1b5$!ou&zY|25S(3i(CAI;A!H-XUEwMPD}d%7v=v%rPG
zT!!Vo03BL)((zgX<b6*zPk`|<DRuLa3yBDu1{{@?Q(R<eG2M9ac06fHh<3Ty3Qp;N
zRKq9593coNVv;1@L${!wOFq@}4xEh0pN;C`tYzVY(OqJ}UyQsB{`}-i`x~L3D;J11
zlEs1Zz9VMj?b`15hPFnn<5%7O^O{t5M_K=bt5X-dhXLM(kI?2b2V(>`5!*)*v;PU9
z!KZVzD1IV5>z9iy8qr`vP6ibC@qXyae2*LRI${&{_Ni6@%UqiJGQ{mh+JLYUGl9w!
zL(_~8o}-QFhVQ=w0Z*f+>8T#$t>sphIHA(1JcE@FhFQ<2IoP3dTYKb<TI8Ci<ufe!
z)Dp8G3_^OEDRuR=ILOTBbFDlc?10Tg%sH$FqrtfkbhH&W*h@0~9et>sG4(JVPX?VB
zQH4Jn2d3~v++FNywu=k$K~3yy5pd$E#=>dOkG*b2z30qu1IuE17gYMZE#zXbEd46Z
znTyT#2%vD;-9Sl5WTU5}*gFjJITaqo2PZ>IN2R62X1<dkMf+ZyPi1EwNT~pp&fu?}
z9|KKAuVrIXgiXP;7DR@|9Gg=-CZw->iPhKvN5x%?+YYq6rtQ6=&=Gs;f0V?QY$Trs
zWL>VX;V;IBcFCSH>RzX2&M2YuL*rKo#Zb=0+wG8yeE`zDg;stGe(m0-^jw#-E_CVO
zyF)+7e9xv^T=Yy?vE;<E+^U2Q6T4VNu(gYDxI+_cCDuSnG6=?v2%oI!7tOZ7DeMTF
zSKAKV3Q8fr)|Qr0YrAxNL)}VSuie9wb0_q@ZOxTzH}0>c`MTp<vL%*7!@-K>L0zWz
z_G1wCf`^KJ!S6~e<u28mnb%MCl~r$?7Lcy?1{dA=)SM%D4>L;xzGuaC7mRPb{ea(*
zI2-@1gNKOV!Z)+{Y&NC}>!g<jXm9k>E|&o}`33H4+<z+dJm){5ZO1Z|Q%bW@9vF%%
zBZK<e&5(6+XEL03a>^W603R`AR6RAvwpmTf#$Y=`|BVG>zid;cc?bii2Nx<LQ}!{q
zck0ER0hM%hXSZi-YT69xR%%aC!GA8gSB8D5X9erc=@6a^4n5*5txbQzzfQhIO6&Gg
zi@NdJw9kXc6SH7qH3TfE7!95~f{3YMYf<WUpVoNGuH%=sq>p$!c?g@~oE-C`p&^*v
zxnF4&s3)n-VG}vd?TT8xGYG;_fRbmk8Axl~jy-6AIf4cyi+g4^sHfEl*k8}PXg&oe
z6(#s8v)JKE2xFgCMn6(ZUK1a<5Z9CygNdr9rAG=~xFf6n-;j<>+hD5j#YDUfp2FW#
zAE}Lq%b2)39U&;^2=|^QI<PGLzo(P~mynH4+|0fsXSbg{jqwM_{JOxdq#w)pcG!*i
z<u0s)jYXn`CNsiUiKdDSPY0z>oju;}`xm-kK}W!0;&(T5T5c@GJo8@)CKP_{Q{ItG
z@X;VRUuxz{`Mc1P#?~$K53duNBXG{33I~`KM)qST2lFYg4zs6KZYu_FMGPc%)frV*
zog_5!E|)iyzmRh%VBk@YaFbUE9We~4EUHQHHWL~FU`;dn%6z(#p9aPrj1W6})_ApM
zu&pzsf|8Xx)|}lD=sl6Sd02K2U-Lu8Me@+X7!b>ubrdot&53@ZW(@a7Ws^l<Gy7Ib
znfE=owlXd&iQvt44i13u0tkVQ!gFE#6YCCKDO~0UwuCqzFmUdf{FZcti@_?8_oJm4
zvC2AmmctE#mxSF{)E_SG%syKL{gl@rCf4tNJeT;b0`u@K{1+H`-o?)SGa13J;Te}`
zCc`dgt|s34pdg-_`dl$Am+U49B=;Cn{LnN!aMSvNDVQ%E|59wNNoN7pJ|=Kr%!Z6l
zz~fvHRMGG_V}5P#_KILzME$X1s<rCCY#)NPVb%}D`AcKF80p5w$R?|2K@DzH9NA1{
zvuivS=_nJZv_mNeBH`N519Mp0pb}(N(s2^@)<+PP-n3`#C>gw$-qgf4FUi9;sLrkq
zSkux2(Z?#=OG`gJXHG{2$L`dNR*!@(SjlnT&ZYd^9hjwWCvj<K1AiR?>+^tTY76sh
zrbnQaQ3S2UTyo)HWiKm;U|V>2!Z^9lWNcJr;&xKm6;enyC^eU7OMCrO(%`CuAq#J}
z!YI(bSiQFxg-T|z-j<R#AnVVPyh3>%l>M5P8)?*4CG6elBGh5?_EdGb`X=3Bd9F*d
z@!e|~eE&%RDXdk{GAKqrn3JQzs%g)m-?FYrV|3jG6?DgQ=%;8pw%X4bNtf=!;Wa6J
zqSb|3O5|&^t>EfVNncsO^31Pu(FcDQdyH;It<^DMVpp+8p6)w=ir6cpTyqqb!;;iL
zX2X-U>%gq5A9<=X*O+%6h$;Ub!y#|-m}US@*@bkmbI=X}%pMX<(?1Y(eQ50j{JKCZ
ze=#Q%z%VRg5*r2gQ=kGuY1{g6^?k>;{JQtUJtlEyp4CEW*PBS`lgfyxgolkFz4x{S
z1@&1<Y4EPCd5w<2&{iA~03qOOxyCZxls@~H^3Z$f6T|qdz8DYwl{F;zwdGuOqUjG>
zkWyykR5^XpxlaGEz>#4Kv}629N8u-Azs}R;-C)r&{qqsg@C6)_vQwmh9?Ur_P#Xax
z7+pyk4<lML2u1!VLWCZdBFm(UXL@#|@{L`!*uuYT;39|^Fx3A(_1K%W51f7R%-5Iv
z0i?^vc`zk~uoVKh!fchV`jj6z*-h5)jUQhP#ZTAs!MO1ub*QV2rx4K@F3frLR92ud
zZ0AH~xA`?bp{Hg;a<lxMsvo1ZtQd7AeQ37EZnOIaT=%=D&jde;Ao$FXxNsA>*H?If
zN~UGMdvdm(j?GYNo2jVDBiQwX>QDtjE>A#L*1ElEEr^ZYhFsbia!T;r&gi`C;0u_&
ziL0FLwp5{Jpx37q578M=2YL(#o;ZRck?kr$Y6G<<+3@TqExvA~QA7M$PJ*cLaySE9
z`Hx7%Ory0_JX>d*g*<U;U6ruvX71HB*!R+j%8cSHqRz#`1LH~Hp<4o9fzw-=Y=6tW
z&kNrl-_RDefaN;Q<<cOmo@D<z>{OI%!wpZ8wOaoCGzFWZ>k;WX_IlO=V<Tc4l`=}`
z&1@oONSjQX#Bz)}Mph4vRKEokXS$3YDIG(gQ5;MT%XB@XLU%r>BX9}NU^4#HBZ*I|
zGr6>=%T&b&Iv6jLlV~9u_hz^_oP{HEClF~Y@)Za1!VYUlmcs@qi`mMk3=h?8^_)CG
z9HjzQWmryl!fBt%Y*%T;7CP{B%Suy}m$j$nG83v;lbdC!69?U}+e0XJLW&X4<dUNO
z?3{4ClswMv6*8OBTv98gbcmnKXDcNlE7jW!@Ofv9N#sSV%BQWIRSS-@M3*75G)_dL
zn;OeV5zGvEx}*H^zu)ZYCWtKT(q={sh)*#z`snx-15Xp3-Sb`4=bdSmk3Rr5`t{G0
zh2)VleGWFaZb{^>kXhks^;6b#PPrA~Nfjy{6BZWn%(K9$G{?)k5fhJctjDwx<oXoa
zlcG7JBNm;OV!?j~wH}TfiICnjt@y#2%sSB*yidlXYLj6*#$8+q4{zqykY|0G=}Ic$
zdpWIjRe<_CmMrFim6MM%Rs=C?3pw8RT`@9(qfVP7abt9|4V(%#_)L6Ua9Pr~2vN24
zw!J9(j=z({lEbHUrYiL6<AnDKeQ;>UluVNk<{?YB7TL(3;Z)Qrhodc=5%TWk9<vQm
z)s`U~Bq(xySy%VbnnkI}h!plZE)$KA@w@IF?6{n;ya~lQV&{)J7vH0~4os1Fl(DeD
zhg^NAqvGZgZlw)sxw*(liAfXZ<qfGp!+i!Vr-%DORAr6;v|*r;N6_x5?WIs3y-G@{
zyQNY`r%9Ka_i2P;ZpF2_C&Aa}bFnUn0?!y6gKQ^=&k$VC6dl>DJ1nW1J4#jQH0n|`
zlm5-@21Bqvt2m;{<y3)0qgBCLqiA-$8ObQI=z0z#sSQJc+9IClX`ABjcrF9Xmf?tn
z-gvytFqh07sI5+lch;*>!ZQS$@+A^0bFKOOV#o~RM(1`mW%Hrk8w*#`Ch9Tm+)|UP
z5L#DKv4VAYS!Rz4W@KEP(eP}^R5Y`I%Jp*E=)rov%1i|{4D9bt(P+V#nw<k*ilzS#
z?Nt2HTur?6O2XuK-wj?p>y$Us$V;O&Fq!3!hr&{$6;$*yq<rU6ATE43|Ad(;c>5$!
zQ^y5f`<JyKx^rfHa%4_1KU4ko;<&UPmbsFyzU0;;j96ZAymAAY+BF;mtz*&@m8!T3
z;3@?jUCg;8iU<In{z%~7OAu)?Wr)*+an7JLWI7HzxZqs2Um>%-3oT{?IO)%~k!Be!
zWe6&G((+Ksz>Qe&N<)IS(MGXJ#$T^q(=UlAbaPfaUU-u$pwN+P=>l=l>AkFHI8px2
z4!vZrH!~V`jbJTVoG$LIn`x1<M>Sbav(`;N-@Q`E5s%HYA)!ovGP?mueJWjJ!E2Gk
zd#D{EkGo-0BdsEqz+zDOH)5+6#w4#*IP({0+x`urWB!_05yFW>YH4tLR3eF%C!PXQ
z>%<%S;37;o8v$zs0M7ATlH}yoo=$_S%2D&TSHk3oslASJ*-agVhuo*&wS#gAC;H!9
zj&>uasm9qtgq%XU!r;ODF%~6u`U==plE)GbOfA(Ogb&VZd)}!wys>K8hU$Saq3F)^
zb=FBXuc5lZ9Gi;Br^V9WO6d(slfQVX1|P)1Hcjxl3S$OwgH>(QN|=--i>Y?SM!2)r
z?CE}J_rsF5VZz9G&?v4Y5&p(k$k8Rr4;^<wQp-q1`MoClFJHO{gZEfR6GepB7^=U_
z<ucVh0|UKX=80xAS?8)*oCm_Y?yj_@lu1s;H{5LjXAfUWuaSANq81!7Rr75Oj%d8Q
zXnGyu4^<Hru936AyYn#hd34OEl!sdG`O}CuQ7b4f=4knx9ZE|-r#LJ^wnF%B)Gu@+
zj+-AcU$3N!3WTHC-BLUd1vZVI2qk^{(!#@kIRYcuH#wJo+O#iPF=3ozv8KQu^Ny=I
zuOq6PN!=DGreuv=Hj$=UXrgaD(ihb!V@d=H)qfR*iHVy_B<RaXE?lsPB{<A>JcZ5r
zVgFHe;!X-*nkhIZIlB|fONt|Dji5PqBoz<G)YqS>-xzY%{KGNK06BaOV`x``3N?w~
zq*2G!&$szHI8m(k?Z?-vC8tz&p%QYZY@AIQjc2lgiI(U<FgBNF3K3vo5mOa&f|$?h
zErot6-x#H3g2DRY@6G+^flW?Jj*An00b`#iv}+glsp$8aw~n&VVlhRfXzF`H&D~uw
zV?kIOKoU*usJ)ZAX?7(q#8J!e2yfHsX{^4gp<XnMWW&r!lNf!x8n(6O28nOo4r^cr
zpRZh&>_njsQ@{kzcWPz`;TV7?Ozj+RN*t|BwXx$LXK&Jz%&Gf-XnV`BIGT1_7<YoZ
z2e;r7G$FVK3GVJL!JPzmcMb0D!JXhTxVtmR0COPEyZ5{Icg{ZN*Y{`js_Ln^xagkl
zzSmk^)lk$pd*f~jtSgUBy)5pZGyak3GEAXJwjhdlUOl#w!XEi<ILgLd^frrEgeBZ$
z6<xc3Te2jdR{=*V#w%(sfwa<%z;Xmgw2U&<Ix-ViwiLqI*MdkXQFIW*bF$&DZzGO*
zQCc1v#*sm!5C`y_-YKr+&ukUNk2pjBQuGa3EOql^i<)Ww_sA5fD-#`V--$whNy%*>
z6A)@6jIrh=@~D<75Ww?gG#P)|t~QYS_n&21H<#2JYE1^GZw~q!0R=a9Lo%98r#16&
zS>H<rZi%7P_8Zt0WX5A<;Gf~Pt3^RIXC54)3j&#Ei_006qX`q{1@b>dBMCO03t2F`
zINSD+M44mKl)p3->4dghU!qbfY4u(W&2@CreS3teh)A0e+L!E+d~wf5&^DXh!vB2J
zn_i2L!YsZe)sef@@lmbF?mnc)Dq$6$%d$ultZ_OO$DnmX`D3P3GT7htSO?ea!z`}R
zMI}`kF2!ZJ9g@o6S!(hvsZb`8()d^AR>lZwe+-uNFMuj~`NYq&CUWG~YP4lVCkLI=
z2~2XelJl06t#y)dX^MrkST+vUE9Oz_<!vhw6qmGF38WuA)Tc;XN0i4X?WT4yES?NQ
zmtpN(P;@&Jey|%kaAE-oW!qS$5=_6D@=Z*AaX1=w9#3MLFiJxj<~@njoM$OuuNcac
zLwudRv*Fn?naUU^ngNAbx3dJ#Phc7KLLjMyh0M#rFYrW+DU^+k!ZDv$n78xRAtExh
zHUpt>w+}5Jq9p2ksR+0!m%uU}$~nz$|3r~=`&%=Cew2vw&){WkOO|fA-(b^$?IxpA
zkJ@32_m1N+XA)2G0L58r)BQYRM2}p6njWeOycpfRednIF$nYTEHVmI7Kl5I1+HS(o
z%e9m^**u-yAl~!Jv}l?yR9LM>7?ycLs1H))E8{Uw;HtRyKYZZ=Y!Hxn2QmmJ4?l5P
zy*$}<eTF_TEq0HlOCh0yc63?iSf#7ib4$LCYjISBx$8}?F`<{&chwZQES5jnIz0t(
zNhyV3S;PboZ$<+UO-HWaPzxUSJl+e63X_8PlX#q+$+mGk`)zJqXEdxi+Rf3yS#4*4
zKmJ`Y51uo14-POJ5{_-Y&$>)BF6+lJtEV3&_dZD6E~J7O!N^HYar*RG8c&CUy*DZE
zSxe)yG0|dBDie3@xqxG&EG{Ld;GU6+Mg`0F1IRbnESG=E+gG``m0lOL9Zuv}z!y6X
zkFs_Sn;85O)qp2Yyl#p^mnE#*$mw;FcCnN?qeprCu%vycfnKohm{zs!W2Si>eF*ob
zxqy{F?g&lss!DHwTk^r-O43A2P?O3zJOyl4s3fRre|0d(am|qxg)8>x7?u<>kgRmI
zghFtg{;B0`x?AqkT;U5zmG}KSf2~%xCzv!$daw2)7r}2;udjnV+dvr1-SytS6#IJt
z(mx((Nb>0!zW7d%S_U&jcmZZ-St%?=T%A#%7FW%iD7DT$+PF1?W48g82~f1QK=Y^C
zV-H1A&ha$fBN6#9U)RJaJMUwEXE$AGL>sK1H%b97J`lo!NV6bMWqxEi5(`Uv(~#Ih
zYMi-~(5U6Jq4efQ8-eKs@x)Av@#ZW3>Z54e<NXHU)Urpy0BJ=7JQq(3(wa7d<x`2&
zPCqe}7bLECNdITXop`0d9~VeYv_P85GkNY}fX{YR%NY(k?3Dk$_O7kIr^71R`_}Uw
z$8|047hr2jIhX{w8I`+>$)sZvLAwi3*qlNcwh!>$lP|KY@B!~h=A~u#&r%V^m3;Vy
zhZ_KhG&GR7w|eKDKhF6vZ2$ad)yfARa*EB6d$Bg?gYV#az1=xgnAJ?LVJZ<QX1gFv
zyGcC`L(J#9i;t~mn&sfer7&aS2*q%dVFh4M%T1tP>eNtBtAcL-bzxH;Nds>6e&om9
zQZMnnb^b7on@Bo-)Pm*M%OylmeCMj|DcKT3@I#4xc-OTV8=ff}+cSqcH=djZGj>HG
z=xRMa^Snp}7;680U?($MXV5RvLT9td%tUiD$&MnJc0rdrc|3`(SQ{u4ZD~&`yK;Tw
zwJXpDkl~p+3Q6bG`w1;8>WQQbRVz<^3{yM7{Q1*7qH*S5&|=S)o7dp|!c|$K3tn9m
zvbiR;;9%}jzJl(P0HpJA>hK56t5JNrul3Pte7G8@3e^yWRPT{4q@9a+p)Nf)Fu(<n
zXGgXQE9SK?`DQ4F;t?f^!8lE_f*MtmB32@eVv~m^qI+?E%~;?kNU>qIUDa9PE+!r$
z`QkOM2lvb&XWj>Mcq1Zbte_PRZV27YfR`4PvOq<hB`^AB0hx%dG>fTXVvzh;C$iNX
zzLOJA-W+VJY>Sep(gp>~#XISI)>vJ)+-&Pj$606`6z|1|Zw~`8kTN)ja|wzGTgR8#
zc1-{@sPRi-?+2qzQ8|VhmCYv<7o5iqkSNRW1f8^k(Hh4v@<R7M|4y&a;5(xmKx=24
zexCr)#rq>;nErs8`YEGA(a*sAC|zn~vsH)X!WSt^c5ERJE6*fON`V>Q9N$!YXo+Ft
zY8+ovMR~Hm;!E|3o10MFfS{asG4^*|6$Y>Bpu@FzPyyWItqo|&WCbrhUK^g$IqvwL
zH`D93DVyO`SX@>frs}Fr!4C<3MToH8OLkvXXpgVEE)#~$tC4)0CzNVUU*Us+gSNuf
ziga<7GE7UoCvIDViyE_sKz=y2b%7=BGBDScO^v0hBY5I48PD3i)DQ#9tX{qM%JX_Q
zyx}$-okjOltb%xlCN{f0n)6y{mC01o|LOg>{kc28<`%auzkK^WB^R&ulk8w(m*imN
z>_cvvgsbV3DG-nU$JHKj+w-3|9>eU}p4^&Nt;H7!?}U}83B7?5n1kOa`8m90iqgq&
zcc0}|Lmp|q{$9vF<}rT^H+ypat-UA5LX`L=n#N-!KBnq>KNmpMHlcp^s;Fq5rqVWl
zb)_OWfA1c<>-M^ZPyg5`GO^-r!{c+FfkW%>E4QPCJ}(uU1gUme=$MImh{K^s*|~R<
z^VGb6DBCe;?e7jrwAsUslESib&;6rIvH{Nf%}I`(FE<0-@+p9h4W#@c)090dJErkq
zi(Yl^)yH1mr-hH#0PTw$OZtQ1w&K*g9aAXB1<U^Lik>s1()e4~do48?eVwsKkzWgZ
zgq~%Ds@e8wWe$I-<ahiO@k~5E2S0*N>#c~SoUSKmDwXykZ59j10UE>&@uXTr%~+lz
z8YrGO2K_><-ZQhEb$E$-4c=d<orEiC<L-*hHDAg@m{Bsi(?!h}GVbBEv!B9dvN^Ax
z&TMO{gF^6v-Q4z5Q5q~uyu=d%VoMX_9v-YO4>&sgw|RXOOZvcDyjh?o5C7z0;h!U7
zspTp^k@K$L<uT`wuh39@dp)WurSMCBlil0-GU~M`IG%oyQ->P&a?xs9>=X<cb6lXY
z?I%@z>XsjgtXgaplXsQVd00XQytpBV=PKyV(^gGWe7e1wS7GTkhLWZE1x14(OEdTr
zo(4;weMvC_>!8?%1(P)uA|CM#h6jY8Qe^#xjU@>DhGE{=j?2jFu)kyf1+`UH|FQ45
z`x!cZxWo<GocQl(WNg&GW01$d-Ntd+{~B<mlOkK0D#USeEA|qVZwtz(My_U5jSj3Q
z?+(A({jT_vLjX*}ny=p-aphU-PhdiigKpgg!%4uJ4`Fy3j(kV@vtiKo252M-b#|I$
z-Q5AZqV)y<tey_$j9foG*!ypOdL~uY8)}fp&ezE-Mww?TDv(`B>Sg*B0S%hk($%WJ
zHDRrA%D?Gb_>b?I0j!~9Mis|{AZ3uN>%AC~aJzx<*1p|9VI6eyHwvCC^YA+bPg%k&
zzR-SbgaD9LKW{!pB!Bw}&dx|K>+BL3^r5)&btLHl(@F_MgY{@wAi!Y358Yt+C*N-H
z4<X1WutESh+wX>gCu}l)ON;D>ZVLTqXg5F9XDD>43?y*^bSh#>QUpvtasvrA`JDVl
z9fwab5HN^;fe3^^E(sA3L}CIF0P~kE&?BQ$LA;Iq7xZ*iLjG%CRp9$~Fo?g_P;>tI
zitI@8&$rKjL^yoKdf6u@y>woK<1d?0ERgv<1|83s$Z)I-RCufm5cyE73|@HRup6K5
z9f=W)Uj+3(b^AeX-Wfwf_b4&w%laTLlIeefkR8UuI}>E3hD3Fg;m-LCMM(7qJBYcT
zaVNfZ>p-l)cI#BDaogkh>9jnICf6`3K+EGczv?A0|6JIAPYBTAos7*iarnECGgDb(
zxgo>O`{#>6AAbTu&HL}dmP2>*L6k$|SHF82@;RK%S?{VYg*@)IC?l<Y=T%SmN~NNh
z^+_P+A)9^9YmqL&PA%drfzNt6KQ6$C?HT=G+Lw|Ists`0;H}^#I8&o`6Y*R33;c=i
z0oLEm8-VW?-v7H1V3_eq!iK*O0z_5~hI|7aAco&F+9H^L1Y!~VmsKg_{vCK8_?-PQ
z7h=V?`x*Wp0NaIwz)!aub<jr8d*HvPzW&QAGwXeF(<1^1v!Ihdp_OeWr+^`Qgj;kG
zdwe_kq3?bC&J{)wE}kLQ^_~*H7(#TCZGa#<yVTjc@1VVeH}<{c?q4$74mw~V4}APo
zU?lr(K0}ls#Dx6?Eq2IO-(#qQ7r7dURkT0P*|K%rMcQijZThuP&cchS|9Lxw-wnug
ze{`k!boVPb$Y#qn*A8Vh8+rc4w))vKN*|(@j2r}63$6=tgfbTX1oYKixnU`{gjn)j
zE`^VICaVyCrEx~cZyzG7#A+=!eDa;~u2!T6rX)`H=O>JfvTQ){27&b+ex<$s+e4At
zq3*%w4&Dk+U?X;1NIOzqh)(5f2zUs4h`-R@g$wzg4Q%YUx&hD&M-0&o3GoKiHLtT$
zLu^1SD#C3*{AJ%WYyS@PB75ftRo+QCLGK3-@g3q{u)%l*(QYkwf8w{)4Qqe23PA|3
z4bcq?@t<%3(1v(m(%OKA5Q5l%=KUz-XH_(b;`ure<90DXi1s9)Gjwj7yjiFk+3TY#
zqyU(-8d<;l!^P_*M@OF?Cx*NWrf-tg5O1-KWnBwjAOF66D0<NL8fa7j>9g~C*@=dE
zl6-?9te$A5j9lFb<*y$pb&a8*lp$Ghj4KTd@L6%nS@anoK%7qA^az@-%oFG2TeTY6
zF!U>#TeX1(9^uug>GiHS`(Ki~5jCby8VS&$P(JFG!^1~~_&q?Rp!q#))WK9jT|=^x
zdFkFiydIuzFZ<WSGY0>9cwXu2;raU^7?v`0u&{`MipZJa4y@@<>BFQ}6``_>O|yHB
z5(wZnINrFyE4CNR62Alc_S=BH2Tyi`!Ly+QF;njdPGhEg>Vcod`Hkzp`~#rM2-lxz
zpz=!tGLj`&3QhF920iQ`a}s(yk$QPy(K7oG4+CjM0dkqq4)vqxQDGzk@fZUb0&%hg
zgBw*ov6HzHHD&srw{It9pNEJgMoN@EU%(+k5#<}niaWfAOCqBJ?b!9gp~rbgS<;}y
zd6O^ge;gJfBUyF1UnT)d2yl$p-8BfmoaaTTfrkgc7<hPd?0w*lLD);*$)8{?ZV}@j
z;qF#$xV>Bc-)otC^p{37{W^V)ad&AfU)Q;*sXmP#|JKM9OCplpZjjwB{X-!7>&<A>
zHDv2B9>&%Has5!FA&CC9Jl<)4D~~-d|0$2VSObOIL$3-y#)@m28VdH+3aN*)o45zU
zJ@O*SFU*AFT-@WXGJEw4gBS#xq9vR&@gCvkctw>Tao73$6`O~5Ps{v|au8t2<j1qe
z|2*CQy|(P9`l#2HhdI0-uT4z?8AQh6Zo#BcO+R6MO&C|o_>?buqip`l+CS&#SOl%G
z!iF#Ltah0a32f)vecj!XJ-;h?xbAv}L(NIg-4o2ycg;Z=n)9A?&i~`Hsxu+8HzJ0y
zf~Gf+RLJYUWO3P-&sP)P)O5Z;B}E`#@EPe7kB}|x>+Ob!Gv+A$IP|9btNatmC=p+4
zG&EPo7Pm*+AyXrPF6U3*NgXu~omFSDPXC38Iz^A5=95Z6n_KAKM!|G`svq(AU+7#A
zakCor`6qJKc;00w6HonG@4eGp)C7^#wh6)yuk04T5F(lF`u=v5$7Djq`YHUnqB*HD
zjJV5{@)jiAVnZ!)<v`ZbcHxJHXFc_nIiQqW-*^A4fq3Gy#HO|Z@go_xk1dXSg!$&)
zQ?ZfqQxD&VYJfeV+kkSY{_DZfq!2V+EFu1aAuD2gAtF(#aE5#B>gZd*dBoi%+uN_-
zT*@yA=3g+FM-3@7EwMrAZJ|Q7Bb4U9&*$(!iCt+lDon~Eg-Y7PIF`AX?*5gZ!@v#{
z$-mdCmO?EBpXHR;=6@RLC5(UF$++xow{#CUew4to=O^~n81cx)X!dE6ad7Zqnrs4%
zWy;QJKEI5|ws;GN*R^m{lSwt;l}R`pEr)QH%FG3evAx!qA0_U6|67eIVG)f{7wfi?
zS4lJ*b<*WI*+y8>AL`ma{ojgClGBzoY7*LSJFWe35p-9*W!FxC85O`q51o9l5Y>Zf
zxeLJSIO-Q~iH-oA>hbDBl-%;w$j*HQO-q1oCqs7Z!(CK>hdU(-4s?mD@z^!b_9~Ho
z{G9aJ1iewQbrUe!I<e=8vjevHst!McN<ls*On?+<Je4pfGNozB^^|qu#Zy?T0HZ>^
zXZ3Qz2luhz7^%x!{xqz}I2@m<g?*b{p}k=V6E<<w=TH%KA~4i5E9)i0?5_AQL~qr8
zYY*9hJo-i>IFuOtw04cuh4s-#$mBjX4w-f!GOXNoAJcvv?{N3A(VN!sbXDeg&b^#e
z>i#!DT4|IWo*kJmvX89Nu3%d_-nWNqiW!JQuI?=erU`jPh;XL@ZNL7H-s%}W1V_O?
zOVxJk!tpfbAaal(N>j_!@!=p!kB{*)rDb0xD>d}5su-Vi^y^&_K29)zkI2jQ)4G%r
ze{;gm5X)Z65$LA{TD&WIut?eKveRgT_?q5^%6}{f*tm{8%=#hj!;+D$-1uHxNsOc<
z*TJMLRlUZ<0rw6GhlLWrO~SDrf?xCy-#nVJa{kV-UEeiWM}<A65&5u-hVIGc^C0ke
z$`w%``Wypgv3ryUlIT8lvHRHYG*UuR1iA7G%lEDF^U)vNg;z_<*7=0|1@@glrr_Or
zSX8#?nqdjo>W^y)cGNgKcmI!fE0PU%g3o;3P_Ws|4%>-=n<OqH6^nso!dn~Hyp%f<
z)5xR!W)+BsJWs<%$yDBk%4)L`*u`j)5wiT_vMWQ!-KuRtksx7i-~H+64`D{F$5*k!
ztW0NI6fawrk~k*fOg`%)QQfZ8oO@j6$V3L2)>HB#z|QtH;`q5bX)C?r*Lg3}GVriJ
zCK(RSM2}n0a~LF5$ChfCgVY&xem2rhzE+^RHAG$JSJ}Mz{iHm0ZNK25wYm^%JR0#D
zG!K+(&mJT>&gE=8aWw}5VgIQfn>3`&<X@{tnu$jm?cs%m+S?Hf++)qwET$=}q{xw6
z2`s_F$c|XUtasky+_6N|HZAQXB@Llv0COI7r`%2wI-qL3-e;2PTY|X}Byal;asna;
zr0IXvkEbWriExjZ7Le1iM5(1DSrsz&jU-|jKUyxgwC#lA9};|0(jLQ;>z2e02P~O)
zy`B#v6*nK~zT!c#Sz3nBmv#>nd_^Gjvw=d;Pd((n8yiridzc1Nx<s|&7LO@x*%)2_
z61k=i&%j9I%R4*Yw*DS*sSQ)=nj}Kj5uWC*U`x~KRG}Jy*T6F#97OcqPM>g8>V&9d
z4MFT^f2L~(n#jqgR{1``vK~*(y2|nSS<kmC)757C&~|M}RBg1q2DP)%oj<(j`?Qf2
zw703k$MD~iLgkARO?GK#p1{1TvPQdN<FmnA(JN9MxzX&o>R=1>@9_wyX;{K(m2j16
zo#mNN3Ok?+VGOX!OG!f0ef9^04PTFF<oj&hZtzZ-!Tk>GBTi9VGS=?ly04LbBCBRO
zN#X74WH)C$6Og5?_;TJ&2FAhFT|5DKnUyjxhZ;-Ia9zz;4*e@HWW{{bQM}qYI<`3V
zj!@AB4gJ;0)#8VlJ}Hb?kh(Nefwy6{3I`u@B;$$iR;j|uP<`^{I6gskkP$U1==uu$
z*tKn*AbC9ro&+Zc9dMp&dh6b=M|RnPGA_DgphfRk3kXPo`&&dsAiq^l$fD?KOkCKy
z{`HR^)%bUUxJ87LPSS4sO`Y{ty9zv*Jt!tF=~g{|TP_RQK0ui^Hkq126T5fE!v6yg
zRdeBflxVzHew5%N-YY$yExHPYtt>%*2o6?OXx~3YBq{#uMoO@z8%BN5Z(Zkf1BlME
zt^#nZ(0|*|92aj@ufIRR_t&bI;GX%F&cCY1%byp71~+exblM-+EI9COS(jg>?Bd@i
z-k#5}7^-Cves#P`ytLd`*4V`u400>@3{~}-lH5PpT;VMeBS;)HM~!=K%Im$`q=V?l
zQN!!CH}D!o4$D+WMi=+wM5-!Yf5k)GUji@R+bTv{=_n-a;Ghg}G<WHinIX3_Ax@XD
z5be5`wnz~)?7TcU9zCx3bqi`c2V3qI?f4P^3-%9}EsB*=jK{Rs2WemG=I$SvaX@i0
z1Q$(EzKm~hJj_UV(R8+Nrz0a5#V?a=g<mJSvxf$6th*=Enk2Pjf;l)!C2#l>V)BIO
z^DzwLO4@0Z5aRq2emsoeSR5uymQDIuAbwk2Qn2GJy)Yu_AHskY#b0@4LZw9=DSnmJ
z#`*=#g6Z!&;VWz?E>;#On_&sHa%x}+0X(@i&#rxS!DKO2!5&uN>LJ639TP<9Oa57^
z3omEgFa9>IOC?6088+mKxKZ^LvyHdRIWvNg;v_jU<D)_tVXs?Qn2Q@IzSUtGq;tgS
zP2#xA!(qFqSZEa<7R;LLBU4H@uR)Mr+9}OvLOLI(LAE_x#ij)Tmb(@a<zI^dvU^QL
zoB#u{f$xMe_^AOP&q=L2?E1;m;_K`=X@UcPKT?D@IB+@iPhw|TuyjdPER!Lo<;J#r
z*w6j8@zJ=;?!W-zN}n9<g=Xh>a@$C|cO{7Z(B18!5^F8F9vPi1(8=^wW!TPGYN7R3
z^Wfh20B45EYt^j*J&|?_+9-$or*$ou!S!q3N@`y(Cw`z?7n1LAA5l7AFg%S;Ewx8n
zM0p)K&!*|LE32&~01R4>!l4)(lz#O61=6q_YDnE9>DOLpRoT`%e|Zt6r+LVutzlIP
zJP>9yzU-<S+VTa{_9M~0U_l3i%^u?R0}&Bvs8V9Y&i_SH^Zfql(HHqZsh!-%_=qqz
zXlEm|2XbA#HlX<xMUNgYgrD0jWpJ48Uz!Uzakq9~YLx0Vj+%|xmZ%FMFb2?b?iaVQ
zl2ozQdc?B9McbrOieili2Gpqn6&;p*HX>tjb2Hd<%}I@{s@G)q41YHw%6W76XKOVb
z!@el|jvr?8Qf$5-Xji^L<Pe!qg-o^^0Px8P&NRN?s#{-ukevQLZyY4;zb{tU122<u
zCfK52nWMMfn5{G5JsdIY!dl4I5~W~0rsfMO$&Ad}%e)mJ(J@FIJsGI{I_Iin`aGdk
z`1}!V*cHqm%nw&=FR~~>*hB{F7d?xxs$eZ7Q30Q#d<OD^v~HX`hJf1nlecB@p^DR;
zs%bkO#8cOZ9Cr|1aR5&>il^Q_xOqUrnZ;3ZDWhFEC!wt%VO3u#JKc7E=y}#0>)t`l
z9Cgty@!9WYfQoe$UY8?As7CINB6m;0x2Q-my$|$zrP5?O9SR9a0M(&t@8OZB3JPaZ
zcXB%LndNLI^x5w0<mOvfxp{2Zwq7`90-oB=L)NL_m@Tf16EHmlPu!N20iri6=0RWd
z7^2zmYf$FIj;5A=rRQlI+&3(@r6A9^BRf$0pB=iaQyO_R@sqh?64xWrUlSqtCF?kz
zvpV@5Uq&8=v^fLaeY%I80oK~c3lgKedSg<aqpq}9ZI+E3vA(xwkHU648Kd$1=PMN?
zr-h!^@4I}Yh#K&KXaKor$FtVRV*ts~u?Ku256*jMH+TQ&n5k3RwGEwODhafq;2e)^
z1I+SpJaW?=W3J^VtI#$Z-SEi980<^UW*>iH%P*Q8fFk_O$_3Li59~=j9=DI1is;|_
zKa`+acpazZ6S_4K&z<V=oVA`3x{Wuuh2D_OhGt1=NUnZt{iQ*tF1rGVAIDJ?qWsCx
zUXcH~kT-Pz9W2!g)Zk<m%+I`nh)jBd{=pITsS^66tc>@l*JNj7tWk)A((i%$h6&H1
ziOweq-u32lzB6PIw+6VXS3DSs@mBnt&+nbOST)--T+Z6vF~z1(oMmbHRc(?nk^PNp
zpcS9&040Ss{LKkhHfB`|C(k>NzSYy-j!0_NoDxyKK1r7TA0_yJU_<b=@F62?v>Dm6
z_cu>)U(gt%MZ4I%rzg2jK>1lj_7ML%@X^2SWp=!j_!vDh8Y;reAdVtu-_BT1uzE^M
zO2cjiS8E4oBY0e>`!qyVPqakTQs5^?WMP)S@`IlBS=<TxL8T4^%Fir#H$5Ke6nwii
zv78n>4JY%H>RvF%OU8s=93T^>-1Kb*LkZv&yqL-}iLB{9^S+;zOZ7hMm)UJ&kb~sh
zZg<4j^;P>!90vEA4?kk@`eY6#i&}Oq2$@g%8p=wxBVAil40A0nHY^^Ow#bAp20}mY
zYN+80J2iMKBw#Mj#AR3ZaXFvE7Vo;N3Vyo8%i8YHJkTCyBg1U6YkqyT2hmYuxpIY6
zctLWG>HJ0L7VyjHoX4Kr7kaM-V$C6<o~|q1J4vFnI6r$~Y4YGApYQn~N_g?%Si?Y~
zsS7g4$TpL%`T&WLzlH6poh||jC*YX8`CY&<()y1LK7`7^jaFI3za8YwXRCq7NNWC*
zs6}-(-#)D5iv+E;_N-HjoG<xd#{d(hK+99ouu^*a3Z(?A%sg_JdS<CVy0KxD(Pclg
z!v4l)`cCi<dF%PzBst5V9_dC9IGDzhx_ZXOJ-nt80MRcAH>!E7!-tq7Y1bu^g|UP7
z`2~Fkjk)SPOL&LIfv*T;Z~81d@hcgF^fajEux{$S6LHX%wPpc>pN&fkD#xo4-9DtK
zbQ@51@hiCh*+`kv$$^jZTiqYmCw)HnQ%!O-r6vOz>y11IVFz)#MXF<+<TE7x^+&m%
zI==t-G!*1-KF!)}qtl-x=TDFxtVVlEGfqvjQqqaj-Z5C2<%5)taRM*54c3BmZheOZ
zuLho*#cDCJ2j`UX@*<-g1GAa@e}7m$KmviPx?U_%Qjc}pd?cDmY`0&VkD$SK-uz!r
zm}`FpygD#3lXC;F;exR9z7p}#^%6a-YsH3SK*P>9{p3t4E;&g{Y{~NGQY(xZfXeX_
zg3~9{LU+1t&AjGp|2lIEO<CFZ(vdrbUPpOBX<{LJ4Id{f8p?$N{nd!Ur^dP)C_ukU
zu^Y$@Yngi4_Xun!<!mwIR{gyr1Bjmec%+%bE*#nvIi8KQI#g&9KhPCi6jcoJED+no
z8Tf8H%`8SyyRHN2?Rll&dS2;uxQ|}E202HREBWm8nCzu*L@fzKtI8K&i%+MR(`J0P
zEp{r$LDjg{6rpL<B0~C0dwK6Fv#Lio5d`Xb@!`+Z!WO+=vERxeUulhhcYMloB88u;
zzi{e&P{n;hE3jplD5O47VFMn-1swq8TJ|S(Rea`vsEK3G%~_Ib`FR!(b%c$q_)vD3
zx%=Y@T|_xuD?K!d56JQLoR?%!-z2n}t|=b!d8xV*Qc776M%JGelTjzub%xK03c9Mc
zvlkvFzxw4TY?zDj7Ne+hLs{r0D$tvQ*PP`LX8c%D5oYLo$a*-*WubdG*~R?dI{x;4
zpZodzg$63<+)fq0=Z?Y)TuqL!4&R1;(qo9Bj~AeW;7YL={14fbS`J3<MB4=62c3Vp
z7YaJh=A_$Jm6h^aV<|9xuBakXtSyUL=gl#8YZ9(H&YpUfDCwTEwEv1zo#E@{7O6m=
zVGOkqy}=HXY_JJ>+fX#4aEL*^ZGM{|eCSm}rS_+b8?*WO{&lmC0i#Hzj~O7P&IBbZ
z!ixBt3ML-?A0i+XkDez<9tIOghxzmU15lC5_oNM%CEIH6VRcnR)%?5ScQ-fETvmo;
z%#ED7{>TpYcRIXL+jxo6Pb^W}ExyA?!gEJtqPuyrstkRwiVx7VA3l7z5N3U9>h##*
z(va=+-ROF*@Y)p`P9#c^(pTjExiK2Zh5KW6C$Ne%lx$S|r$M`Ely_pS+xn`ff4;ce
zaSytgs8R~G=nSDg<0^=XJdXgOLQ20XgGcNRYc{8>f`AHHG7P6T=A{Mu!EAZ>cK76d
z7t~ZB*E8fK{Wv6#@f^pz?~s{AfT`D25!V9)>K%K{&da1rupTGZPzx{vu?Carw0$<j
zvi6qLQoeS{`G(JKK#DajNrVR_z2_f8s#GZ*M3N^(<skR;q#RfARkI^muS$I<Bd?0D
zAQArF`=i*GO1@gf;m?ZtmYZ{X1jFf{IL}|>963Axj&n2tok(&$cH_TxRQ@{Rn$vCX
zBGD*+^l5&_WJ|sdG=1kWzYHGX;w_ZAgwW)@vQbv<WsF!nI=~;OOGk7NEZxn*8}%p#
zXOn@;2qf!zLY=b8Q_Y6c+=F#gx!NQ2^1?A5qN9dteH1^phK*Q0K+!USWAJtvH0al{
zcCVf#pC6PvShjbOrWrkM$=b`+X6N9OAP4A0x4!ZDA84UHiNiQz7vJ3#xvHXvmM>wE
zG_1z*INSohGiU_5<BC$9Uz8EArs~mh67(Xid5uf%xCzk<9V+YcW_ri|eEwDUL$~NP
zdU2*{E;FmsG5P0ICz6azoqA^bVVZn}8R$g3+9O4kA^I1DKvY+sV6%P8??HopjqcI)
zsY%feH*e8}%@p(2wVv{-9)xC-=f<o2Bpx5RvAn<(Ox3Vx=-1>zs-e((yx>injYvl^
zxl~vf%1^nQOOH57nbWw?wW-3C>NQV6v4nD0zv4r0HNP{?qSPN$Cy}q1+A=4RD>o1g
zshSZSg`n2Zu?l*-#192$$aA6wZ;A`n(tZ-FM;~QW%oBK?3c2mFU7hn`H=7{C3^}dd
zavL76Vj^fE$_n@=6rm_(V0MO1O#Y2${p+s@JhDa0-;+fe=op=q7jB^l>l(GrWO{Tq
z`xqie!HblhH9ywB4Gmo`G<doedu;6Z&<VobwPe3c4(Q&k@Z63&AewTgEa{sDrgnTG
z{)c#9nF6g~M=iOP0+sMfxEUUb-nAJoQg<zVAgE=D#&Ry7Aht1T7a?~Kf*N$*u314*
zL0vVixV~~6`qcdqCgV%Dd*kP*aH%n_t;_f$OLXIf!!d!c=-@W~m$ob2%XK`kwzl=4
zuNwIaNbti?aLE06)mj%i81-`fFOU&{JCX=rCnU<8-d+A3^K<2C({F6lOKO2Vv|V=V
zdn#aa6#dsr360%P<sZB*Ka~|&UJ3Ng7RztQN81{EzjyElAhA~->$nN=eDm&)0wf!<
z2!NuV1mv1~`c`qBqPeHuJW;HFm>iN>hV8kcVDi1jL*RYngp@$nK#PL3N5SS2;)UyG
zgLvb9MjI}~(C87_xR}6!w&1MUHT?HI(I-$p5q|u<P{72<icWD*yxD<GIuy##5RRw3
zHMy4scq4qp_i6lE#}i76OvA0&AK%Z`EX?i6gD1<c#D#3bKRI*RUJ>XilQ=`ovgml-
z|DI;Tyasn~JYW{K`7Lx2U^Cbh8@NJcA95FKx|Y5y{=WO{9()Aq17qRg?IIIjtP39m
z+=KD@z${C>m8^;F8FUKZ7b1xQ8W^-!6{ZXPcw99Q({k2u?B<+)#QnPLM^%@aO*!lV
z%rduxU6NJ%?JDNy44o{D-2m>fpLFKK#=>iNb9(Wow-)&tl>FK!$gT}qSD)Gm9#Bw0
z^WmD1+dqmbC53^`qW?BQTz?d-l#b5k2gh2mpv|(fPdE=q69V^l!MDDHFG>ICGfl%|
z_gzH3>%fnjzR6J}tGzL%-xssP?NZL5UC&`tgnFdavBz+I_jj~UW3ZMH9@OK8b3H#i
z`XEa1m-t4ho4p1aGE3rzE})!9kEiDcI&2ks5MVRRd|L%#_gN;&GTki<dbptNw(N{&
zs0SvgB#B0x$RhO03R)@zz*M!=Y}qkH{XUiV^OQ*9L<)jA=C{58lm%abl33Gr9Sv?u
zEg<%=f=uia*QE=WNR>u$Xm*g?eU^<S*_!CXbcQ6QMHZ1fF}A?JeH-cccSu6fq_IRe
zJ~GH(-?M>Q%tqV<JJcbg?WR_HycK-=vjESTLCvS*r8TnbKG~&IZ$^$e%?snWYVRL4
z=(*1rNIlV6l}SdIDq#*#Bn{u+pO#0TWqxCmFVOIMdqg2yp|hZn&yjjRE(|HQ#MF<-
zIU*_?EdI)fIFZuChji4DH~&lK(T-%i-Do@;e9B`Ev5LZVjsaT-ZStw|%(I9n7<hc<
zsLQVQA#B6vp1tw)tH$KRX-Vfob=o_;yJ)0F?BAp2QIn>{tFP9*c~VN=PJ*$d_#>fR
zM($rE?i_0U)mFsqcryFBd&A)_&s&Zyi^|f^dU-CE-MOWE*^*WpepUGBFE*Mv{n)W*
zC!}PS)(HrPPg;zkyqk+$cl+&wwr*u$b?P>B1|+6(O3r`W^hmnAxg|?~^K)9l{)?Yu
zNS_HOowhITZw8>FTauhpjJZEoJN0NL^fZl5Zk+}C8tke9Xt^-9VLb@b-ON?j&IpN0
zSXOs;MpCUJ@@~Z>xcS8Pw<!jfk!hps>X5J}$yl@qg}%$(qxv<X7Ly3Gl5nMT*s*kx
z_Zi`gx)v>W=I-^0XGKDBi4=ws?PnyZ!Y#vH0M6)Q<7z0s8WTh$pQ!_y)bO`kit*2w
zryXNy7a3L?H0fC=;CUz}8rLppDFG;`1L4hLT$L_@Y%Xe32a}(^cvfUFAJkGw=X6>p
z?3e7(SmW-=TZ0%&kDVyvfH?@brHSc1+?ARa53R0*rPz7)xf~03HLF}&kyYzTHC4^d
zI6+qeT8Z=L1}qR!+Fj2RDG_8dudxficI2Tpzjn~kP#am5ho3n}2g9b<+<@l4$Y`D-
z|CZ4x2meDx!(UWWXXl(Qn3uy~2^@nJ)%sM=+}EoZ_=DAGLm%|V+V&r(>ZhW}znm($
zDS?!X7Di^Le>+un&i{6**alGlt5b!JFC6|E?bWFYwZJNqVC(7qZ%!5O0@{B~L;iKD
z{7I;sANXI2ygg|ZwbMz@%>4x_Rwzo|FEA$=i^h`aW@ZDjik4qx3pR+U{~m^{&|&u5
zhi8}KiJ_ZVh*$XBrJXoA^yDeAsnCg0o$s&0&%XDNe(4(3J#0zsw$Dj%68E3M$WRyL
z-AgmJBmMcRYD{;5tj#?7vf#Xi*@%0=*SX=PO|lU*4Nq#{oT;y@ug;Vpc0?(^=?O10
zPISjuGn0im@`~Yqcc(~0vd!+I4wJN3d1prOwje}@vwBW8Ig8x@*pw&Qx5}n9jk@<&
zfDKaJ^~Q72$_`J&PQG<$A0T2iRy@+#k`b}u=Wcy3N|b@fgb9-K_4?zs&f~L(lYKu8
zSxmq1^%V!CCau|1uE|mFN_$&+?%BBEOSo}Yd@Bc`N6e7ijhD6U9zobsC;p=+vj!zN
zZRzepm^bj!(H?=ufdPiz!&NIlfckuvx;G#yL&x<xBdoSKzgjB%FoD#@fv55>gVM&?
zD1}h#uT1{^4YCr+{+nOfR+A1+_m5ayOs2?H5xrL?Ub-8U6)k(`RS+V+Ryp)qVzgEl
zH?5k1J<j%eF3x@VRfCAh7!Sdjw(-Rj3#Msq*iJgfN|C-DAP~6VzAT*mgX|6Y<0O*U
z?KxA}(K=YlK`|8Ems1SZ=-heGpZC*%HXTnwV72NlhpdAeBYYzd0jA?fq`GAOQr8u7
zggKl1rKzkro6v-vYK5CJGZr3MQI*vrCa!AViY@s=1%37_reE$ajjOy9vq_*;cqvY{
zbC$9_$0RI+&S<%_jgBB;2=2U<Vt4>YF4Hkii!7I%$!ci=A7(D;`_o(UU`yHtRd1k`
zoRP=Ix4+iB)2vJlTA?19IHIilmCpr~r<t3-yAgC-8ERjP!yQ~%%_sllVTAd5)2bqn
z%w8-4{qeEyn46r%wut{OoC0XD_EP@z**}%+jv-s|=;T|@*3z+tM>V+Lo392uo|)Ns
zl#DZL>>!%g+0ZLnIdm-u@Jv}{O4>W&L1l?p@d{uM5u~{O{d0a(rN3m6f3>@zv0M9Y
z*$uUn=8Sy^Sa7ulbk7}D6adHxyo*>YQ{<266C_PUWmD>61Qxf6d;Uncj%_iAyMFTf
zvER7Vj9VF<<j|QC4@^3h-*KC>Hha7{TD|pM8{$aX4_j%`;$Id6?uq$4$8lS-oRBr9
zllH8*5G^$E&o11)W3XcoJvejxO-hjuP|&Vvt45C^jY0l=E7VIx0Av}OnH;vPe^|hD
z1GM83*-+4LHP}Bxnf(c=zo9GpPl3+8`%R#G$@#wtbcpX2{@(&!%uOEaL+0nJLkqLB
zax6x^^S)^gg#v?@-b{i4i~)72z8CF?TH%_wsOOSs+=@rL$G{pPsUGPUnoa{p8+blF
z<1@Sg(&V~{Odd2VmNfsUP@DDAQzb(RCMs8QnkO6nhI$+LWF^%<C%0)G+1g+<)mDY5
zZlt8Wq07lhC1%!r$-x)B6W<qF@4}7Cll-nK%X6~5EcgCb({{wu4o?A`mcv@*`{v#<
zMwD;KpSi(*)MW*@cAnlsn?0ALfBQI3K?vH6{J&~;*6&_5JM`=S(Cpf8{%6fDX7WMs
ztNyEIH*hcgZ_TbN`Tqyaj_%?Aso7Pi{qLIHpM4)_?Met0+y9ql7oq+C)$Dq<$eG^t
zY&D8~QeUzCjE<XZ$BYmjSk3ze&F2uZwKc=cD>@?9t8aQ;<JnR-3@p9qKRVsQ)_qmo
z*cbgQ>?F7`ELH_amOyu?Jw&*@;YKP}g>C`J>m8yLT2R2C8v)&*Z3_oz)(AN42|WXi
zZC1}>HRpD?!z<MBjHJOB6A86M7ZX|A-s#C5mM-d@a@LD$;laPD^k6+3Vb{}zFMHzh
zBq7U^08x;|43km#A-LYt(CKclNPI6(NW9cE_td=J`Q0)pk0)~Gj4#Wg2!EuQYz77r
zcPQ~fVO!5clMj}mn~J9*BYcb0C&+Wk@phhu(}*H!MF~IBu@vvBpMiS+Cy7qf`&FXb
zozdfB_(3XnlfVs>j+Y)yRj!lU5tq{XU}tG*vvtJX+Vk@A`h-vTWv_Lia(&9C6mb9A
ze0iz)vi=U+Gd!d)=iMTopM3*cc%9)Ezr)tZe|X%xuFMbLN4g!0U?nANjZ0m>H-7lN
z#NDAR01>HYmX>@|$)i~gdN@hF@131R!=yPI+oRR}ziM>;c7HXxFKz#mM%OzaJxUYl
z`}%T+;@zEOcn=QpgPR)HdX_-S8R&1Y8h?2HZ?M|w7e0}wmg|rIJy^{jtWYApyeIM|
z%k4h?mE}$~|3_J_agSD@@gG?Z_2nN~E;a7|EX$$3$#ObQTjwG6EKP+{E5M#HCb_2{
zpXR3KPrd#C>E11Wpx)a@?rG!^2AcFXxv5=&LLAPI@Aq9^IIuV9sChLp-Z4NYMLI93
z?J6T3ck<|91<;V2Lj}+viGKRi_j+b?#=f4}X?{6~ZxDKp#pz)GD_t9Xqoa})=KB}F
zyGG*bZ{4bpTCmnQ|AnaHz3t?I`Chdi1Yw78G4TRygIxOs3)O^^i=K0b{8ioe_;`T!
zq;#9-ox<Yk>E!XFnKM|C!M>i5SOu18ziw4$TNz0{1!9qy7u3Df#0-_;?Wqm3aWdL~
z`_=(JA!HBqCNtA(9}Z3lde!En{8C_8m9z9dvnqGXLUNcKLvg^4VgJ*BHN+&Rf&3R#
z;|)?hL8|R()-SY}W|g%XwNlUV$c%DaV`ui=$Xsq=XN{{2`b_cI6A!X5B;M;04_<?}
zz7c~1i?tJmrGuNv8GJXW<aHCk-4|+AHov(v%6a}%m&3UO8R}E0kt|8-eZ0l|p)IHw
z06dK*^EL3|Bq+Q_z;#c_*F*?M31ZI2uEv-afbU=HTSD_T&S%yBLPgD@TZq!&cBi{h
zJhjR<;KxfDS22kxPeX7vno8lKW#jiO3+1`1wbYrepI#0b%&z2PJ&~MR(VZ=$==*XX
z3)MHP_D3t#Ra&5iY}L2RlX<X<8<BF7{xxw;GF+%%U|D!Y@Bjz||Gf0|Pp;d}zW*iL
zbMKqXc>BJra({x@4s#8bZgW`PCRQhq{8kXJqbV#}x;**5rGNELgrW4d`mXlt{r*J5
zf@uANkB|~sWwo$WMtQ<TIHphP7>ch!9uYZF3B_~`L0I*lUK#^-#6l>xxw-8wMHEwG
zq4!Lp6GjZKx0GaHTnX;j*FU#LZmT0jEp3!pqPFbuS|DQ99FxW*bW^ToC)s#;8l^tP
zP&2?DWCYK1Ygm_TR`9Y&PsQ^RZ{N6pe?zp8d#MnUxN={mI!YA*zH5GwR<#4j1OF_>
z6A-93tM^ZFBF%DkUP?SkxZxZZTgtc3XR%~4^{Z+;b*bA4J*VAgR_@*_oOY{`J`B6q
zKY^9UBf-+aewW}6YMb{8i4>R8A;RxYF?8F-?hi(K8wkPlT;FR6D0STk7lmICGup`;
z=Y6lp@L!X@&%tv5^`IVvw!45nEs}U7rZJN-XD-jY^fPGOC4(dTUYgCVAFN2ScbgI@
z&%QWzZboxbAzo|Ae#~oKJueXsKd@>83V&xIJYP%H_8tt9_ifHaPdCOpXWn2eZKgIZ
zdb_y`99@ZKV%<jR&l6_MVz?_FR`W7DUJ447YKi{9`>4>60>`+`8_q!-F2RwTdo94$
zN02LCW7tp`Go@l9F2vI`Dp;zF1uq+q(*k#lk4-C2pc<uF{z)cd@e-!SjdC+AobC{h
zamod@YNTAOEnsM<r@3gznKmI!RQZ>8Y&;(dBmSt{D4(s9;Qpahtf+{ME8KLqxg$1n
zb<|oi=@TEL9{WlA{6gkLj0=j>j;x)DRC*L$z`}@!OoFv^t%ZC}GoPJ<shw=Hi4-Ni
zREAWPox@H7G2f<=E3!ttW)okfKBJ2&6~27seC$eA8EOd+q5aMuih<T0w7DXK5f!r!
z0Bt#pM8_%<j-fo$fD?E=A1Mcs$j_>S8``Ic8hx;g^>#2zYTW0Dd8=EZ0W%{WMjG<(
zl1JKY(0HXWVQQ4O?JXHXl>$i)c;dP*EaP9-Rw#Twe)u(pul{96nJ>0|R9RcDkoQXw
zps!VsI;7#GUXVa-@Rzoo_4XHSyVo~)*=h}>gH$$0eB^ZJJ-b<5WRPIgG-juW_~yRm
zJ^Qm(5=^h?jwbP=95aDZKODnw?9pedh*JJBv79H9WWX%=ig8=CW~^EK;7s|`^+&^r
zUN9e(w47>zokqsqBlh@3o{pJRN85cmR!P{&0glZYO|w5~3G|1ZG|@6M@!Ff6A8ExZ
z&9ydC%(1g3Z6B8SDk2CJdQjsS(a6M>$QUX#<wzHkR8_q~x~L>zNGy!RMU{SWGsrMV
zEV@*V$x($3aMcjb>a;TQ)fbF(vMkAJpr?Gqv=Omdiq9I4e5es)rCPu_j^)MXZ3vf%
zFn3b$5=<)zB9rEwGAS_V{<*1bf8d%-Wj%{-N0qv5JX$%lm2kK@<BAq-KOQ>NS#BR;
zbAeQ%WxlZ~$ngG0p7ZZf(PG88!B(#5L9)`k6}C2$s6DzT#b1Yd`H$4hx}XWkf-*rz
z^+bBZ9xi;+sovU+X@5hpPF_<uq$!IVZI6MWsZ(=(x1b^glwJCMjUaXg0IFC$$=V#^
zQY<0EE{}vs;kTwkqFB<n+V3B6(!M3er#dRMmzOBnbhmb-a>o!a)qFAC01RyrhDq`y
zhNy@`({CU?tI~r4luV^8Dh1f7bhd*uw~GYYr>t9h6*&jP!Y_5LYG62a5sEm7ITGlk
zT^h?}$|X13oBtpemDHoOD##cpTtUfY&5N@eAgeYM0TwvK;)(=JkSXWwhN1gs_mNj$
zq@v(t&D4`dmepH6V=KoGp3=@;mFDddm9D0bJ{5K+TVW914843x4Wlx!G@konXjZuy
zG((+$(88(LWToWxK_jm?g)%)gvTvd)OJ)JzozUU-ry-$|T0!0?e5)W)OcYD|a%*~u
zysQyNnWJ|){rJ+-a>O(B2lf%{ZG8kB?HKSc6)KfdwFNMQs}352SxAv-<Pnh){;%r*
zsP8w>$X#+8(Hm*uV>(mu!BJ{(_i{Q*Q6xZ862(emzT>ad$ooXZbo`A#18<Q%*h=nD
zs-WeedMt>tg!_EcRj;m;>vyS&o#|Bh{@Z*5SjG!g(yD!-&A`4$4KK-iEcbHc)<R^=
z)k7y#t=E^lBRS1r#;-<(Dg`gU?<ZU9zQhp{)3*4?*@-h3$zEfY;D1?2f|WqB9UA?W
zb#c)r(_4C=-S{zY2Hn9*l_$O-1glIX-Ozk$k1xZ7M?Ew@o(ri<qe8o;Aw#Q0eX4f1
zf5wI(Z+C2jIu^-xK_j*dQFZX!X#KA^*D~QhS?X47;dET8hJ@ufEqo<y?+NCxwM%QR
zOlUjT+22P^vxLY~)l#jVE^S4ATHLc|8vY{Xn?OIjGkC+STqLQhVys~)%#fEy7hvGL
z@A}1lF*VH1=W<*A7A{-f)--l7j<e)X1ChM3mw1#4Y;wd}pdF&29e0{rkYdaHta%aR
zMkmwPn_%_}{?Z)T?@EfWYS}kK3~N>|UdDY#vNoy=TixbJ#yhN)ebH26Q=^$*Z4dnS
zZi-y?r&}o6+1E3!1Z%L0leR2Pe9L1;)Uo)2ctIae!&l-(4pCjlZu*KQEdrkD6oZ5l
zZa(!D&PyhcCbH=)X!Yhu%%HIMre_VUjGzV{U&r<+Dwpy98k96u4`xquEaRCea23OP
zZk#SS&fw*$_s0wkFubajM{u%W2n`BK1G4De*f$u+F1BE^FZd+K=le6@Gcf-6*7D7X
zU_b6_8b&meydhoDO!5h?;{iS8B8CD!mO(j3z`<rYXGSzr<>=x~JQH1lzF4Ggi>YO8
z^g`xnn&^z+K!m;OJi&aPRd}Mp??OJt5R(w|ZI71uDZ-5Rm?R1|t^y&|f=lyS)-7L9
znF}j_#=al+5F=YCU2XYY%zOmb5+PV0*|KJg`1uN6C(ia7^G+t4k&{tZ9Lhj4qMTJk
zCJbiD%(HR!PlY6@1{xK=Zwia*2ji*wjYVahtap9xAVrT0{)~sZG4zx8BUu(~14$qu
zutF1Px9C0|zbii^6)_s>@r4n@rE@a~McNX_=%VppF`^mPJrcy3(4v)Uioe=od|$g-
ztVKek5yqe>u4m=QE+e1amo#gVW=%em86|?xoC?<1+>4+D-1x<()`*Jt{Mj5RH+OTf
zxTn)n4DSbU_|L)%P>es!_eOS0<cbSo1mq;l`3q^6Pq)$yE0tjZjrR^seFX6aJoIpW
zC<rc-9o^bjj!}!%^Sv_@|KeVbo?p8eK^O9EL`f!_2rnNV97{o&7N0^COgvGa#IC%v
zNohGZ&@Or{_=KsZHIkC;^lf4ulvcJLRcsO7@WCQ!7Dv7SYT$5|H*7#6@>pU5xR3eb
zr0Z5FF;M9+_6ei)`;Aqf-aD14G|H(mq`Wngy%UujoGvq`a0hbwd+K2xXBmt_HcFR)
zylpw^0Ef9+`3O<(${}oet&>QB4P)I6?A+Wt4;aeY-3eI?0!?%K*ZCq>ES*u+_Lo(X
zvPS}pWN{etX8qal5SL9dit~8*g7neI5+Qr*ME7wOBWQ*1=VD!!Fo=(1=>guNAk10@
zr|~(n>1NgQP)?47f)J5KPR2!}5=CYFGD;`r!m^oq1`M=l;@^r$hv8cpE&3)PRaf&O
zp`-)d)EdRn<^$9aoY@?Qq80Z9A|(wQwo=Z<eI{KOg0_72ZJ;b25eX-^W;vrEP&@V@
z7LI;~#AW9IwLxmdvSJg9$ESHJgMnp;vv*UGh>JkUKIIc8P7SRdl1IL>M8a<bm~lFh
z=vg{>Ol{cx(HF{@lkcUwGI`%M4nK+pW3j-7Y>AAQz;sw;V~yUhgaXYRuPutUA{fI-
zM4XrFvieap@^HhpHLZ*ZVxuGy=s-5#SV!{aQp-et{pJ%@ru0tEwGhWH<I*@A%9B+&
z{=lKEV>R$~ilwHIzt(tMoY{NjS3wcqLdS>Ph>!klf3&#s)q#GombZ#a#lQjsf>3RR
z|Harj1?LicYd^Ma?AT6r>}1EbtsUF8?YyyVXUDc}+fGjYb<TJ3Rh^4-Gu6FjYV}N4
zP0gD1d%9Q4>RG8qS%mB&DqeB1`djo2lC4LpQ^iboE_6gqhllk-p=o|WOPhoB1j88J
ziB8DXOVo&4hBms&*_`3+8Mx()H~zD*EF-mMWI1JE3|)kR4zW2*T{lCrm5Kd7XYj1^
zidN<2NhuAY((*GTeE)+X@2@#R_#|vg2bJm~p0P$*CPxcK+W8QoKf<$nIU@0G_?!{r
z?M<BGO}B5YV&g_#i~S{dC~zUEClTz+rv3igN)~#mP~l6*>|_!6u_c}_e{xjS6I|49
zkBw4i#(v4Di9Z6+t5>m!UhB8WLX;K_Y+2(oo(6(-Uw%+6SH{1a{L<JaceB!|Uoj=l
z5^)ud3hXu>2~Q&^_=zR-oCMdcSwwX(Hee*_t@tQ&0(D$$qESbEP2azNS%jo7uSE?Y
z3CCkI55x)BOr9jew^OK@NL<OpSE#9IU7x4W#|E93|9w>k6no<3v63ndaQ0O=fZbEZ
z&oby<@GjA1cBkv@^WM#&P}$6pam#u2V|c)4DBs4(<7kK4TAHXX<QxcgjExUu4STEn
zd#n>UiJ?E^=&VwX7hY)d&%4_z;&<r64KJpkuELGL+k+FuYG1&9I#1=}(48>Sja$8(
zVarMV3A)1(dFZKdJF>wJ0%I@V3EekBoS&5Q`1R3!<G@M7E|9!JYCO^3zI6{5e7*7S
zzLUcvFYoz5K76n3O+I~XcV4w3I{Ushim5(PvjTVUz>bN2L-uk)O$pi|1UMr7uO?fs
zAAe)lr{Ddz%-#6ka=L!s*Syu0-wd}mMV3e%SADdHUkw{R6>!~ygla3z@7LmjD7sXW
z&79K*C(yTkwhX!sahW^3_k42`o=SlV-?%^jP&J*$FBIX-f&t&(fz=l;dLL#?pyoL&
z%sPc;#Q`t+0?v>5?!>P8we2mf$ppA7#UZ-)3%U9s5;<hB1oR^hG9~Gr)9>+va(|98
z*0Cmy-e2Q!@I3gmvhErpSQL*#2gHAP*y_WfPF3=t6s6l==aqUj2mAHvYfQDLR=GsG
z8Bj>x|HA<nlDFmx+YV(KD6jT+zkL$gs1eTc##AD;!=UQs7)!3N>9hc<Mq}139P8z<
zA&u);t&z>htTv<u7#ZS)R(QUh;NH+kxwLqYpahydaadNsz!`(8zOCx>SUXLmQ!w2-
zo6jrVD29gn+32s{d(dptd58O7YPhpmgS-6{tGZ3VbPB8;HlQH}_7-)J=CP&8%YO6r
zqsgMO7-a1o>KtvRo=dnV5v-W5>dzB>?XkR&&Y>3e)y7h)Y)RlD%Ndv0B-O^T&f2?*
zt7zg1t>m&KT}5dm>BPqC>K82`mE)x-gRJV|rzgLMNAq3#6H}=fa1W4bmJDHMimkMj
zTsg~B_xH?B#Zwk^WG@ziLM9ytK#3>w;}U)OEG8jQptJQ#2eqMOifW=gW1}wTy_b3p
z?Y^6r8=+Tk0l$aIA62c36Oz-nYJKS{UBnhbKZ_L%M69P!okldoh-TTu`@%CW!W=i3
z)}sXW%c~|rjSemTM94kXSwD)@{6b7C`-`noO}4t%iE(2hi>J_7u<O)xEV*x^;f^M{
zc?#PeFu+c=k{u!7j90AU=w7BINY}GU<M~^P(p%T975PZn`2?v&c$9>6{Fl1MtvFi$
z^T6PiJ(t0sQDNnhMO$o;b30@jzMVhCUC7ufZT_O=ttj^QvN}ciF+5BC^a@HLmETsR
zC@jsDymU{C<@@|G7i-4GGy$~g^YpU3Oorkpq!nu=Nwwm;ziA{?{Nu((s>;q*UKVk&
zHgo=cppbQhLu6Cb4e~A0bqt1ir1sOGFD9I2jB9u()i)K-Em@e<V=)LX-+*n@Hu~>{
z*CXFV%Ldv?%6aoyHek$OC8(514Q$b6pj*VF({NN4KxX^}D=$@fbg!C{e8_4z$?#)=
z?JBKHVNWjHm5v%tMP^i1o*imR@nZp9WFHF1-45F;VnX5mTT@Bn#p|_4@R1&(hcI|#
z(y^V;j-r7NHw-b&L6yJE=rMv$(?!m54DDIkCK+536>?;*<bCtq@O))$eW2d=@-<m9
zbH24rdOD~NDk0}au`UHfLE7tQ3&yo7Qk`HQT(0P>g3ZWs&-c#ubbd+k%F88QUU6nf
zlzQcS$v6KK+9kvk7C7?Tc0Xu)I$pRSo-*=WbZ0<Nq(1%I_|1Q@<-*nRbn-d7^)TS&
z%+8OWrU!AAdB0`-oLy({=Iq9GSBl>3S#mUgJF<cA+xAcvr)BdDh<Wl{?qYa)eLa1B
zT(x%nz2SNPzFT48`m)x_*T}Fn_cUm|onsTjk<;9MHICZO(InR`z5N_=S#Uo-HGg&4
z#$vM?I>dvQUNwcee|OrDD0MC6>$F99@%-{?QR2CB>N2r3Y2$h_d2;$Xe{VH?b=hL!
z`+eHbKYq$>30`$o>&@GGiTC)d8*=nRXSZ^nuMVW1^%*ao-k)~8F0x#QN(zJvjIIcB
zJf>dtAO6<%uJ6yE`aOQP+pnBOyI4D34>Yek{f1B9<SeSO*?Qnudm6oz@;pe(+*jK@
z+|AubeD>Jve@X(hGXSDBr%xr`$x3RXj)y7mu2Nn5XBBK)cCOmoZuhQm{C8_p#CBjU
z!8((~c8tHgSe>dr<2`+NJK<vAF2`GruRE%4FBfn+dpb>~zUE!;8S&N_LLZWOS)VUo
z-JIH(8ZX^l3s^1@UX}Ve`T3p1Yo^6*16=9e$6rrmBC|tmL!SgYo^!T;9)!Vjc`Lom
zY-48g=5C_9le2@>%ZQbik(*(9id&~-x!s+E0RM0Hb_PrPs;6iDtLXy1GeUcn?6TLV
zDf<QsyGK7qgDY<T>&`-B8SfkO2J5s-)y?K<?K<cBiH|{zZ1Yw#S8wS&?`hW+XTkdH
z_5OS_Z+*vb|E}oxiPOiu>@eSY=ii>LOWo`yZtwegUM^d?Q}^?KgjvlsQz5#kS1nr^
z*LqhuT=Prr>jX1-7OryB0DRpHwN0h#?6y^2oK6m#x4^{c?(y|aK{Hl@u1+4;$pXO+
z$F+41xhaP2nfuSJ+tHg&sqD-veY>x(hakO2$fwj@)9d<<=ex)7`L5G7ip=BpO&!OF
zp@JHol5d~4yTAH5*{k#EOc^%L>&Fi#O|O<t+`NQc?XA3?zB4%R)*g3*E~mQBM;n~S
z9o4G^9lq9tF)lWDIKZCIohG&jTRrX`S2@-=bhi37L7)B4Phl?YYDbsjZT9Y0IXxa8
zT#dZfjr;J3&z}8P?~yG9pTgg@^PVou%pIXM^fl4m@5RS1>rOSUUaf6CYy{D!o8#wn
zj@R|xUtb%%4IQ{$^Bl6<r+fuZtgKtE-JMoFa1--OLo4jnL+_YX^QgAx8*FO@Qx9V+
zwzdd13^ma%$4?h7P8Kc`Ikz5e-j=~GEhY%3K6cK(50=HR5o?Arvk9!7t39(hRF~UU
zxi6&OyFQQe;`mN1N;<4~eLcGETMfE#wh;96-nyQ*thZ0`pR$h4N~%{m?Zqid0#k8q
zZ7)+pcpuwiczGJFsc)<<_*<rI<!s<eCZm@(3vP4otIyMHPf~Z+@26hZuPW|Y+U>ub
z7BV2bk0-|))@O5DTu)<V5kGq?rc!si?dQLlJy>|U+=n1StCZeroxjdrPmKFrVxFeV
z3YN3iyVtSdLoRdQzb=MWZrR_nr*1kOYwg`E+DmM%UuwN~3E^9+CzjtcKR+|KL#u8c
zHO?oysct%bTb=K|I@vs|#c=%Rm28c-2pZEHngr!a^iJMmTF!4|9IvCDnVGlKTZ(yI
z7}mO;v)6Zr=I;yCF83SOw}$kmFXo<BJ3H+8cs;M1qUU>b5uf`>T;7htni)RwczJ(s
zoZCEVZSpoa&!07i*luq=J%zX&Kkims9fq@byVoOc5a@a=G+KWTw5?tvPIHLMo)B~s
zv~8-TYI!evvcEB};s2F>UM+L?=F95FzK9kJ9M6P*I-A^bWA%1v?O)%2-fY-1ar1In
z^YM0BUB$oV_vK#UNA$SdS~@LrAD0zgfa(Oe$jTvVnwlLvWR<bmb#esm?r!{*<L-Js
zI(<FNY$%w@-0o;8*mmu40z5L**otL(onJhdy6tT^r8)Yzu>NjopBg+mkt*Rf|Jk%7
zMrJsh!+JltMJ_a3-;I-(4-o44`TTUd!i4yiJ#OW=Zz`bYihq>Vd3nA1^ZFmfbMhdT
zuBT^fyRgTK5nKZJ05Q+&E&a3RJuR!A%dX;(7voOf7fS@rww~GjYN44W&F&5!s{}Dx
zy2}?)>{ASvC4nifTRk_jF;B&pEYBAaTv}hdeCA;0%eOWi*{AC{j$7w0Q?8-eHs*h`
zY#+Du8pW&bpSvb?0lHf&1!}rI+~4QLuSM@BAMMX~3!Lda>%Xn8ecU<mnzpi>Y)d#c
zyEt$u^e*OazjmE#tZfiDCQtwI9(P60W;z~wSg~TccgbFV)SCRLTDG(BF0mb#m@Il&
z9N;~<xU3#cH|J+?xO&$UpD`~{JGgNgb8>L{9gi<uJa`=tYoh1vmYudPV%FxXPaCJ(
zYxE%c=WTjiJzCwFgSZX(xV*bPEk7S!9(+~^ygAbX#d4jmVq`m87I;@rnlD<+QnyMw
zcDuOTeP^y*qS{U~N_0FIu&tkR5VqyC0%u=m*Q1Z|=bL-5YQ&d6XUDhl=51!zQ!_uO
zP8L@#U&K9ijtjl*n$GVy&pQuHkE5+OTwLUyC#&lWnnN#BH|;ALoLT>V+pI8b3ceTd
zdpNTcrE*-0;ZE!Q=#`1Ry_-2*WPDihtnuNwj`!6##CgqFu>fC>m#?|crXTIg_;6i2
zmq#=F9TzcgxJNk#gj-MS+_vwY$KFQUTe#O<jVD)n00I}WhlhH{MJwkMJN_G)buZVs
zGroeFj`?nGuA<aSh3|m|h<Doy;q%ukgYzR(Mi0)S)NI#4h5|v?mygBt%Pt<*9GBIv
z`_#bZ%M4t(Dy89vDZOa==-I=e(Zk-4O&+{x-C(WIlFPu|)KjhgTiwg{uAfhv^X4{|
z&LfwZR<WbQ{Pwl(BLjEle)Q=z#bxUBTdHmG=lpSrS;^+OZV4{ll`~?DShn}RgOyFQ
zM|Q(5JpW~9qj)OsmbY{Fth4OaoXq{Id4r=5SK~8eOIHg;^Yg=|*n3iQUzLs7%LlGG
z7<)=L0P(~8vnPk0V|gtN<ck=um-@bkZ~VyD_i6ly`Fo$ky<5{}S^3RX`nbDoN!N<5
zq5Dfdmg`%<I&<Nk2N1fk^90)Nr<(m8J*oQiVf$In^SyoW8V*;iO2oojKw|#8h&W09
zB}(mP+G^oG=CJui8tyECi3Au{Vg#B@ofC+-vTA@JM?M|AOyuL0-6Cuo+&ydq>%JzC
zEdE9HXPojg)Ik_K#0;SByN~aL$L}qVx4);~pE5b<)*x=>5sb)fgsRd<t6o=(n3DO0
z<KTNt>|SERDL1<*U+YtNk@et>#O@HOMnI6NSqlwVCcGb<)C`|ka!y}#&wZvcJF6Lp
z+Hm=2AGX$}`#m|I^-Z1MJ)=q`U;T3O#?Y=%4v);x%0PrHmMDA@Np6~mr-NgX17FkH
zR)$Os!#sRQ4t|xU9ZgHRuO3BYihH3pVCQuZf=WS_o{m+IJpp~C_YA*#$Q^}`JiF0r
ziz~;M(ask%tu`akl(WAlCnx`Y4p*sKxqtNxDwPZwcqKWSZ0wl!<Pvuj-zTe2h4S9_
zv{$bY9!lhVL(;#a@S-34HhfC4fA6bWX?$O<^C*5{juZOL@b5NH*3dl%OlSjES&hl_
z{D-3$ky<|d;h>_ShsNXzC3Fd|Da-4G%!m=;EVZtJt7~Z=8S-BSO%vCETV6#+OeB1P
zX~h$vBng4-D7-LGV77dWa2W5@nQ7#x$C`w$LE0;!WGV%^f^t<?gRyc?)%{yPWb2CP
z#Z-U{uaXZP)kZ`PBHmKm2q_=K4h=t@4cmxg`^=3XK))pDFkzIIjLf0pHss{%p68Pk
zP+`<%e{T~g^#BV?j;OZzOSb|N&mJ696@?O!vo4s`3lO>v>AMhe?*P-*ONHGXG6UZ;
z=lbjUQ%_G*7T@zzS68#O+%HbGEp(bygco=|XZT&~-wT_Z8<=ng|2}xx>$FW{a<RVi
zPH^88ojq{#_J0-<%)1Pn8@a0m#kBD4b`p<ADBh1W9nT&`bjLF3z>(VouH3g$o#Rs<
zD9js^Lvv<Dse_RdJM!4Gs`A*7m;dr0(2Z;@v~>LYQ`6+??;eXrI6xjC(Y7SAg$rV<
zmR~>7v|qRz>E#k!*@&;#aqbE=ME_@3eo4Z_f3?w6Q2V;$%-mQ~fMbX?tvt=}K;ovw
zx(-9IR2O^0zSPPlaU18{Xj})eI9g@S9B0pWun>n(CEC0R&OW!nno~8c{L<E~!FtZT
zMN^jKwxS<zCje)<8KLSWc-jY0w=)G)%{)xZ_I?mg$&Jyrui{moyS1EiIIcp&&6{3~
z=or%TeA(ia@UabA@)?sO`DM$Z^=(_xRCn;*J$f(jp~pF%va_7)jPw@8HP9Ro*9P2n
z^hH+BFi>aHmp&~b#{{oQX4~dj2lH2xv51d_ED!DvBMTe`SYo>Mbo>xethlhzS`h*)
z54DX34H0m^nqdrbXo&&DH$%GOfQUJ#G-Kw)Py<~*%q1sKS+D8RK5;K&jJJs5xzdZX
z;VSX{tSEVy=JGyDy656;TVN2@eJ!41%`o{HpWxoaMg@7d4)I)2OU(}AREva>?~!9{
zRgZDEbsLBsM9GT3akm-|K@bRC&${N{iN3Oh0q}`fZ!gjUB(UWTjzc+>50LQYId+Ru
z8(f;%M(4ySnKl9jatvR47upr_9`BDQFN`e0`H3vL-rau0Ss#I^Gpt71X{{=ZGj(~G
zk&iP402eKq7nZC9WNsDs%oIpmls3`|4Gn*My4f63;|QxU<~{mH2gCP9OlKz!uMI4x
z1Jw24-uoyaQn|408;c%ep!MVPOp)3`J$OKigw?1ah~L=(*GWc8#gv@Ct8Ro7Y5tXb
zpcmO-_O*8%9Y9kq;oEbkF?Lp|_ZxURb^kl%smJ#2<i01}NJ~2!Iy$r+@jjyxsG49N
z2CQkZvqnE{W*`o%?ippM{x=6u51QStmC3tbZcsX)&qBm~+j7fx4B$enARDD_M&WX|
zx@+X$eztrvt=BU*^U3XpIG0T>B%`$lrqv&l@K+*<fY&GX_J*pO^R0I;jC$qzPP9sC
zzMcgSHVGqM$&_c_Dc^)Ie!I2lld}Bp%uKoaCqU8Xb0!a>z_&?&T&9k^QH+N<l~3+K
z4#ppXo%&J=7~cwRQAt-{yw?h41Ra!xZymWG2cLWoz6D)nb>9r1zCEM&IuAX81zjY2
zETMW#DCJk9k4bF;=mD3HkFYdZQ$zX|KCoI&lAny~EdlyN0gutga)Kq}moz`O42J11
zQOQWe3e{?m2NSDl;Mn(B%n5<c^7ty<2xGi_gyV%hNl2s_W1>VT-K`NhLXABwWT>>y
zOvEa4jI3BLJl;G?ks1mplvMEQi<ZJj2sdeH5^0%$H{}z)7~Tg9BR2!KZ)<fCK9WnD
zMgka4hp-?jV8{+$r<g<44(`~8Sb<M1YAhOMpFixfcFyY5;d6S4lJd;Ly0<sA*{eC<
z$QeUQKi^UNjq}er)D%8!hFCLkd>E&%7ZPU@rbY7?M7*ri==N|pYw@WdZhd!SSMKMT
zmv?Qk2HV;6%C=Jo%X@s=Hu<_QjctAR@L1c@U4Pr&eu&Vgje8N96Ac@fcOkDGps)uy
zkB<}#SZiN$_rx#<uBi09{k_|R+4CW+BAtX^Xjq9xiqrSh`9jZssad0$0|DlJK9Jpr
zWZ#pV!;8OHj1-^g)W6EW+IKTuCBFxDGd?x1YHC>u3JMNVmi<?2fiwVu3cI8TPVYA-
z>kG*wYA2jO4hxv>v{qa}@Qf?yPnUSIP;+v@bB2HiqquD@oaLs0iqBeS0jv#zirY^(
zFqpDGMrMR-t?UFWh?DC$1|x+RCE;9^%UIh=uGev}t1PoUr*$}bF|J*d_>d16`|oP$
zLSZdWi`&r#9QMj7d@`DtVD*_Dzv$Dw&EK~Tf6N$C5i{1!qx6`HJ;s`z;RB`UA?JE0
zkR?(Y6lZnp1o&G#rXM#5sF0xWE2Y{o)>N4YJf}1Ki_;%7Yo>CUK))B>V+qu2U9tw_
zmhTQJH5O~0E@Btk^Me$Ds24sSFw2+QStfByu$^q=I|xv6qVVD#HLtigvl~utQ~fPI
z{l|(2wvDhd^CDvP+~0Y&u$!q#$TWxrP^C0&*(ajiNrHD@5+*0<9Elf9i%a+o2WjYk
zh-@Z&flV#Ai?*-gx5lC*=JEb1I8e7Mxtl*A<LIVvPEu>phI+K`iVENcN^C10ro-&d
zk2fIg{d)lwE?l-NG18##>Ms`0l<1Y3Zf&=dpmWCPnF?`%Ta&DwoJ)m~w`5ra-+MX~
zwlx4NN(7tIe9a`B{ROgyG_t1qM@cF7K|Dv~;*NVp_-O^aW7P-*n3LHL6l6GAy(rCF
zrx|^)L2o4;DWp|ccs#e6mxBC*0Le;GzK1rUOfVh%SID%V8>$P5OC=G12C}}RayQ7N
z0Qkkw8hm<vx-EE~2^41{+2&N4#jicw?;1fKO6nliP)KQ^M)Dbfu+4}UWSSW`ea9-%
zR=MJ(!KByK%L?}4G{?-@i<cs>-w%eDC!5R1=FD}RY~e3}qqMaJHXsT-^>p$-l7_kd
zCd`5KtcsTq)1Q>4i74{{aqs%fL3$aJN3mlcP&R|LW`ZML(>XfoSHcavAxN}sgxO2v
z5+*p3=3f#6q~X~uk%3$xf+jBo8}E2lNdOG`@uYY85Nd*`U6YlfjS{93()Wovi3L`J
z;8O34{^+jp%k+J*>_Ya669Nq=u}(LaATQ|F$fwDsh3i)N-?K;hS7rTiBn#;=F7)aI
z^=rabxdXMW+_iWZK?}EvU4z?(410HTkM=tm0b&hd<~t+c_NghDEc_u8xEJ;ep9RNS
z8!dfpigYJa=BBhAWgbrGSTP@|d&n2$zSL*@!B=2BQEF)V_B3EUpKmYxO9LDXx~wtY
zKD$c82B!O?!%ZUQMvbisf%#Kt6h3AIJg%lNE7u>R8q6DI$FbvfxbX@#S0KCb@?yh8
z?tSwM0KA}BFf)4dM)g!Fc0>U(1{SEoUYMBGJEmI6UIXYI4N`*jC<wTKE=HtCTo#Hp
zc$9q{mP$RUJRw40*hkPhZDtcbEfV}I)Uzp)yF)R8<9oY^4|MoZaLk~o!HqvFgJyTd
zz6+CnUB-@!e<3S(xrZSorPWpB^|v+rx#aIJ3S+fBWm{ogMHjH27kjw*T>1J<(dI;f
z{6m6{VqdA#5QliOP;gMLaIiTG`~oQsiqqxq{<YoLs5>6%wtuWy%hH-=3I^;;*f1UX
zcCWCb>LCMU(x$cLo5t(oE#Ilw)jEJ#ka}BxO?UUj)+d_-4|wt*d1;vI?AATvyLDxl
z=$Q>A&G=npJ%#VGDB($1if8WQI}eeo;7g2^4~S(Y{dNC|8?|cBduAahF-q(TZC81a
zdE{#g6_fl`P}LU8KNwDu8SMi5>X2A7MHYGM5wWTT-loFmOhC!pj-2?-hNyywnW83A
z657U{0GKn1kN>)~YxF*Cx{ccs^*W6H*-UN~Jgoxn)Lt<{hz{O^nn!3@_@En6zF>!_
z5~W&%C3at%T8=LfJGv#sSeQ#Utd}E<CJ>UNN!j5;apL%-b_Od<q?_J$%SBVw2^}GY
zDyZR=U=bCrv&f*>h3;07hW~-_Nm14bbXNcKq`#d4iC#Krc6)yOl7j(1Fnt3#hbbC+
zkLy=%6@&3NPf5_03^M-0olOXFWn?%?e!8LR_Y{|wx+ciz?6BR~hZT)}5l~rVOo=9+
z0uh(EOt~_DT{ll1v^-O~9!<I$GFo^T`3kxRG)I#GGG?7Uc}w_Qrz8fq$pXqnZw4qJ
z<F#&s$q>y_ceYU<G}8U-M2u=N>`C<yNUXdFM|1#Je`|EYIRIBjZfL<AJyRC$YD8sL
zCikPbtR0I@$vyX6VXF8dp^^hw(Z#@WsOP1LDpb=abXUnM7$eHKH`1v$FG;%`e7|je
zQPWd-aG93xZCtf$Ubk&D^(~TvlWX!(i?=?Zq7}sjS-UbG@XnM^NyFy(4|C!9lxGqK
zj3xB7jU`)!xlHxX9gE0lfsZ+MZigC>^PQ^AV6tpwp;ZwvsC~2iCOIisYG}Lc{hRfl
z&tsemr7yUY?EuI-VR=&+p4K4GQV^9_Kkz^PsIWl=quPxMpC)cZXv>uXVN8kX(Fqy+
zj*Eh0V`Lx>UhkYN+>JcAa)cewfhzK*5+$W7eW)@?i4Ik48aR~SjS!MonG>n6WoPu)
z@gE^KG)M0#R87hB&-j)VpCdMDOu`5<tf>)9^dhe#OtKe$7^^SEPca%wKR-BZB|)FA
z0qF7m=xERFy&#M)y`Fc!o96kI{)G5x2K-d=12D$_JEp+lJv#2$jjM~5-!j6s#wqRc
zt9UY_$8HE$ceq03f=(yYfR1g-m!{xk%`gw6uLRUZTK`&EClBh=xB{0X0o0YSWlgic
zR@sjp$#B7zM8^Ue?xL}D4h(7hkilu$VBwl05&J1F_7l?v@uI3hx>tO~zKGCRl>Nd#
z;L}*4lWz?*p}_z!TLQk3yNRX;z|fY@1pVE0zd9x#7nqAh%H9OC0;`Hn70%{QjDMM<
z8;|6Efx{jy8v-I_&!lceu1d+?u7bJ)Fz>X{mDsc5+uI{$`BEKG|3)9LI!=oIH9xom
zX{;zmfu+(=R`DZRI))6tg-#gQd=Yt{&|gZ{_um-tC1pS-8GxJt1rkiWiIdh-SZ9uJ
ztcbar;J@KoXr{E|p+`lFd2?hUPE^n$_a7G*ByGI)cSa^nSY{KRx};<^bhILwr*Jgm
zwCI4=G54Lok;pjcd#(=~AiS3mCP8FvyuUOxZPwX!Uj!)o9{FfatgU3WiQ70(6uEY6
z$RL3jy$Y5tJOLLTA^S$V%f8vQg_9Et$AMFI8AXVOg3pTpnRt*Kq!xyE9X+P=I687b
zH(hdxBV10H*r?ACm34w0*&n_C<K5FD;08^mszl?~dR~iyKOC&)Z^M)^oF~G2L8E0o
z>8O>#xjgP^%&2l{SR`oFT)+7~hKC1s8Ib7EUq49t<q0H6Yyp{cQE3i@_7hQj;l%$T
z7jBG1*Jb5|^>t`hsW$CEt~cIilA=?In&><1Ytq%ynDz6e5hDQgM-IeYYi@p>COw^r
zvyyisD>+&XJ3`ailEzRRN6^=39XDP`&q&Cs)FsA*X_jk)zQ7|yI^=75>a}LiB-Cbw
z3i+CVQW(c)ULGhc)eI{>3=HN+>PO0_nIZfIyYKgiik|O29m}Tg-6W6B{m~oz4GUf@
z5$foUV(;aPX)AL6=sYKtEkh^Ghk+I<HZC_BbT2M=h6l?k!f4;dwvS-6o&P}64Dvd&
zq5v`xIz;{ImkCsad>gp4&d>U^5-cZU>SI2@YiaO>OKFUl?%TUn{|Y<nY8dsR8cfz@
zC(>|WwGPwQyJ5tDcNV_gq~rC6m9J2@Idh=w?Xn<_pk~eLw)*2kH0uK~8jHVT1KD#O
z_L$IVAvkU!t%aY}ZUH_a<Mb&M0xsX5w$F`y^=k%eS{S3US<U;X3P$%rbmKg9$gD|g
zjC{18>fT-tBL9-#S-4UW)~eLX-?TQv6kSl6w!{r|^*U)(92rpB^gEl+)emiC9O{CT
zanZ2Ia_E6j<I}8q)XS5;OBn4kUGX^}-6{xAT3))5aSNsNwftp9#%-m~jU+5!iij*u
z-w&1*?kIRK2@M`O8)l}Ynu;jJQcudM|BSEW7)OF}q)*li!MS%Hf)#z18_kV~EvRtL
zX~Ik~Dm<mqP^GXz$T*?D4c+@-CewAI3#w$@*l|DA%(sgsBTj(%9zA2Oacd{ifEJNy
zTx8HE1=BvWv|6+CyPAr$nDi$plsM7JjONlxNF}cp&h|6KqDk91iBAwiwEb~+^bs6{
z%dARuAa`DDEV492hE1=ePhg9@L>(`1*VZPJGF!rD%xd?gTqG&DeCyO}geg{>EM}RF
zlCB}GXAF%SIs@CAj@(2^X|Z_$Ga$Yq!sGHVc9E~6MnMoVFY;}=VkbUmf9}-x_3_^~
zvalyYJM<*FI89}<c%14;FNXTPZsu6&uB<~9FvnhZ<ST(rHJ6f!d<Mjql^{}OjiHlf
zXE)$!6JIAtle8yF<u>D(ST02~ydhx30vzVm@3jS~NZkcBX^W|y*91%~<5FF$3XBs)
zt6(zRSmDyIZ4$pftV`TwGg}A=$9)?!runOEd_OpEfB0t4*SQXKx@>MFV8KQP)^^rL
zUFFLd)OSc#B6JN{OQl{4Ip66F^pRCU*l+G$_@*6IjbWyXAtmz<ev&|-CxM=RAJcYi
zz6*2#Byc&6+gX!HamJ%i!5>41$vr;AGHwbcDu^X+*RTNj85zqLp5%ak&GgveZuX=%
zMyB#{Dj#*|Zwmkl6QN2I`QI28PM&y-VoTaK^&c{~VAr5r&3|c<%Bcf8P}dXolJ@QS
z3pMD(@34WoI`laPV8Tg0oh$u#*f(=Gw^lBuhsa$^4_&hCK1XX}eE|x%8^P@h2KW?S
zih)w*{1rU;vA+F*FSob0GOsm&ML9Vi?+=5jhtEX7;0(&}`@Zeu%ikLBkJr(fa96o2
zx4H4lGxrqDb!i8iHCMN5bG@Pf)VUg%fqq2_;Lt5RKR&;M)fQ%Wud!G45nGv1k4Y)^
z<+z@J_(MVcP=v?wrju7P^I~BMm~JU&m^1wh1qU`GwgsdEn41aFDpKu=I@cPs<D@@A
z)|q-G@Je43rt1f@-|jp`z59NvsMyPQK_7<<r1zPAF9)LqnxOt$`@NJL!`!iuZ%a`U
zAoN&EL`&0qiwH?W>Hbd1=ji{&ju>>2Y%)JzFwJ$4iy(U@hT3?tB?q6MeZOw}z2^48
zKpuS31o${h)$&=~QlSr|x|bpEii(5J3!x8$6*GPeKAJR#y+U<fdQ<~f+ylwc8g8**
zh;7cau=G+@N6f9Xk017d<0(^$zM5ubp&X<~)j=;BI4Hh6!iElQDdYo1(DoKW+8Icx
z|7kM8n*P7eK?5r>##1{h@zC^KP%A63B}EG>F?r6<H9jfiB6oqANSHDx5?`!GC4`fA
zVEpINvPDnDhDxa2GnyF$TO+JV;B4|NptGW7=|xd;<!@qRaIDhbFWD&KU%T~WlBCPE
zCUleP79+meEGh8|&I}pI)VD<wdw66G{nDYWfWpIjCaC+_n&pMT4FMwv4N@q8F*e5Z
zv093@i}e~|)t*=HzjhI>j^JXzNI)u}L()6xPn-}c?`~ty_}|@x4`Vvxj)BZaeZ)r{
zfq0X#g`<fk9{@D;YM)R9q^HCxo?3g^i^=U!UQX)qE)aRC5SU;nR6i%+l}TIW!90CL
zh<<dAy+UuJW6hL>QZvKESH0n4?pH_S2t8fBROEj*O?zqor<3WGg0b4Cn~JgeqM>P=
zilK3N@M9QgXdL;OyI)d1c9DPc*}dz!Y3rNO&s@x)J+&2Uw1m+;ztd*v`|BZc@i?#z
zFtnF%(>~OTvat|D{)o+{mcOFj#rl#OGB1X@(SAQXSy~AA+(=HlHmQv>=iXSYY13_+
zS1r!c+KJvRS;FcSRxYY8sC@pKfjWvAQdZe(TuH&1G_sJA;q}$lI-9$AC}HCkl-LAU
zdfl2RP{Mrg2}|4?s~=StBnm4Hm^LF;BEJ<8<*)Qe+T__Q_7N3!kvXmis?w<x%wvUq
zS2E{}n(mvfIB1v_63pbULBYU*U1<QL1Q$13ki-#!P^=j-lRurT`@7z!UCr2qxOXvM
zXAQ1o0TU}$ZZs5UIAL66+?n>-gm{&+aurwQg&T$AEzSE*NkoWqd)P?t&vEG27;*KY
z3(kg6aHQF-5$;edO;^Ccp-eZ*t4c<eqfZT`;Y+D-MQ_jCL^%gUH>81Ll3x>oK*bqW
zhgRSH<fzL|84sfzang|sag*mD2g?4h7mP9_4UhUVfwB#f-kAUKCQpsld|n2VEQ|gR
zr%sZSCcs4#;HC-iXm?8Y5}V8z?zSt7_|uyfyd2d=+Id8pCRhi0E{VZ~o&<%h120b$
zFQn^K$tZ%7Zz;m_pnw#pP*|{q(MpmY=k!|r+r?}u?KMCm(GQHg77r4Xj3-@wJVdAg
z@4DuF2h8K8{G|1%D$aX98q)iVksDF$9==%@I2QC`SP1%P5K@wafz)OtAQwZ4wy3?f
z(S-2Uvlj>wn1i<T4bmx#8qCD`S^al)4fE7IXZjosMk@CiF=VnIrh{Ryb9xR{0r@=}
z#T_K|bl&D$jr~sDBLwRKpFP+xoru*;zSLsnVa7#Bx-m~GDm`@u24=rt7wsRUR`Xdd
zE!1D4NGe%M^levIVW@8zka=gzVMXBrRlH6@!e~H^5vLah3HeV23mOSh8rNva=HENr
zUk5BsMXy0)IdTvjY&h>Y=d4(G&z>k)Z{rsZEDjWL5QxC|ubu#Kf*A&X9C)7EJ*9Qo
z3yX)GUX?yFLk@_0`5Bt(IfW3_vNH9^MHeC6OuKFUNut_J7;gCdM=VLYNCC44K~#zj
zG*sDYW%(xMH{1b(-K0#{c6r2GrKBMh1=l)F7)k;N5pyqut4?0B1&{THxbmdAB*Tbb
zX`gaRXBjTlztnmE;?LW?Y5LTlB><=2SuHqA+|jmcBy%GhV+(eXIqMf!HxmnT(Dkmw
z(y1jgBF<>kz3g?}Q-=|=qW`)YzS28n*eRYPK2j?Z;Oon{2Nd(PqJlcn0t1D^t7GX)
z7_Kyi326VQk*QJ31qx2+iOgGsnyROaV=x6owv?Q-6~Dre6|G5;m#U_F!L-GMWXa8Y
zWPtyGsIkTD0*w)m(>?KjKW+oVeP3}4EWTpOW3<uUHIYf!FP5~Amz48sK%2>^6j6Jm
zw+5>O)2$yZKMVK=dC3_n4=Z{PqbMG9B*p(CvjGLa^R5fhquj@odKGo>i7(V6J>P!K
z0g`&Am~Lsc4bIpbU8LDUMT#K<(zc^&7URmIItETGS{48SmTB<@Zz^D@q`|Q0ig*F|
z=`aD-B)zF$=j1(j`bgCUK&1XaFPL~?tTc%jTv`Cz$pj~gQi{c+03AJ9@MKD}qH~?+
zWBYX~GseA$SIcBEV&V~_>kv3P%H|U^p*vv;K?_)m0bR?9$6v#*c+UpNTke44^8GeM
zx)3%bx2xjTq5r%R4Cx5gYt*JApyA;=6FY9G{pVVRK|N60gV;dBcf+@-Lbi>m2kYVr
z>?8S5R4~PeVva0$<HcTQV_2ab6NvM)wTXY6-(%`M>2upmb4MRvpd(_&8fAv{ilgLU
z^12(f_HW!@3-VwOBDUtFxR#S`c%j&)+N<LbXG2hvVUpw{;<Zi{YCHzwfJuFHOAHS9
zmG*UHr{RPa6g`XMc3#C{fdueeG>WDLDiz@eSg6jn(hIXPDmS1iZ`q6aDb~QZvp^b#
zyb?Y89tT@^`ZS5~@<_2^>fJ1Z!v|<Hoj*1jx2{YOyJ%j{Qe<2S*RvK2ti@ix1bK-M
znP5ALesfUFXP8{~TFww_i$7W0`G<krBN7TAUuYg)XzfgN2!)uB`QWSn$O-7+QDahf
zP#tjSN{`7?FuC#`N1mXI3hx*=fFt4Z!kF?(m3LF}4c570Zfg8VJM3+zP<&wq(|Qdv
z&=qTpwf}w(s=bPAUsfz0kja^m4_J|7(733G4pPcTw=eG>jklU6@fGRZz$uI85V2Ln
zQ^9J3B=7++`F@4JsYpvXEK%%b;(rTGa&rruHVD5I0(py9gV@K$PkWsw3U=8QS19QG
zelob$$K)@^>M}j?`Xx>Xs^Rs~eiG`Dc}4jY)lSb@rgvCal>nhVRZ)n1iFGS(h<sHG
z+x8B<yS*3`qUT$LI=mUOQ!W*=ojoegddtn?8NN!h4a-zMQcWBjgi^KSn(_PzbsbM5
zVKXOwQ!%IGA03+8x}g)cG(@U6OZB4ZzU{tHf&iN?S6#vrr?j{^iy}O`Ayte)c)>kc
z&BsfxvB~2u>+U$NwsV`A^$K#o;N*=+JyeP>8%@PRUqQOL9A3P-X%(sjVml{0!PP6B
z`8QZO1V@Rau^I-%b?&t&*TArLH2(sMjLncv1Z%RD(WjD{8i(hNF=BS6^lkz56%}nT
zd=dH&EmL7dNwuKP&qBw?hgQkH%7n>>kSC|i0COZSyDmva4Gz1=5gi^mwX<gp#>3|D
z_-OqwX{=D^%-=ZN6bO$DBzbBGXdmjOT9z#RB_0&W7MQ6^H+LaTOVwM|lFhVw0s%fp
zYRdb6)4Zq)Y%y`O9%##jMgpHS&1xc==2%3}%5Ki2T~$4XW(<DWRqah#3bz?{v!(ko
z54dFc0nE_lyXIIel@7Fvb8u*s%v8oexU6J+kNAkZv8na-!uv!5y^%70Wn=UlB5NwL
zcysS_SB3Bt^P{0xneQmrQC9WBVGt}DfhqhWA43Q;cA+{^h{O_IWgk_t99-mrbR0dQ
zl@Pvq6~xXy?8<acdA4yMC%m(xyWV_*&)-)*a*CxF2j`;fTIN9PdpB2cM;bD%^na*R
zZdW#$FBY7eRse-qutsW2WVQ)a0!-5vgL74&P-CuWx3r!<l;z75QbY+wfqbk^;^d?g
zu4hZ-E3G{v$hG;Bhl|G&0MirlMpRgJWUXv;>GMIG<_v$vrB{>zWs3{W(ebiLpNij7
z-WE_p5}2g<Av_Lt6Y_e1Ay_qq6nt<KY+A9-0PrROe5=9M*b|@j4mzFvyZ>rVwK4Ca
z*_VSez^cXh7K5W16wBx@N-5IM3^C{1KH`#ll)NtjIdb4Glkre@OS332vCas{Hev7j
z1#S6Q7N332S~?T{kiF+Nb99*r+O@^mC8#G!heA(ybfYu=QiDM8^T^>9kC`gMEF&Fz
zTct-05}79C5DeSMT}AJ^*kRhOYH>Mh99R+q2I4tXPs_~$c842X+9J3>xk_xQiOC5Q
z1F^3*Sf#}zlo%mEpfZ3=iaTu19`bbOQA3?63LL92O664iYUEV(@}QH@=bz~KTawb2
zYLTJ2OPL%fS7Sg3+gZ@W6-e6#ZM7Iws`Z-)KO+4Pf6d5yTHY}|Bz%~}kOnZb{R75G
zb3Whb{qb{5YdpzzG#6C{bx(*S8Ck>P6Y^n5aGGKIFIg9|7j$DgXUz!ePZ13j@Zi9J
zHJF!;hCUF!$YqUxCGBe<e2Z+DH)WNbx$+4s7_h0Dloz~hG_9E$N59aOgO`r37SYBQ
zu-?2T7unFq&;(B{VVh`ZlKg1P+vFAW@}z0B6x{Pl$Aq9qIu`Z*)#DDz6Sl&D@;#Rg
z%0sYg75OjFjmU#I?JB~HnqW)5y_AFF9&pjiHwz+^rwFzCKtp<+ogX~T^muSWdilKM
zBfKooUHZw%v{XbeBfii!$7~lKfbzLgeh>|-*L;BTu_<Wupn>s48a%!y1^+unl*a=B
zK++)l%Vi58zwp!!mUKG(oV5mAYl?vYu9c)g0HO3${?p#DQk0aisj2@;bmO5{o7)$_
z_z+d>KmZwq4V^Dwe6I9@3jSXaAm}ei$z}ga^3_EbN*j%XEmg?u6Tm;q3FG3tssb<^
z&d5yYZeHUfw07>TCAD|%n_zTylqxpB`S{gmVZAKz!|Oq?UKVHr^KdXR`{n6iqzp?T
zf`gfq0|V}U>^J|YX_Di?6p!2*{;Wpf>{n|E3G-TPn$&I85iqUGSP3yTC<VYq*kY{G
zT4w@Jk>t74@U?t~vBa5hCpCmfKgXX4a%!UkS8QxCRT5<K;Dvbn%_qGr&3Ni3J^`ZK
zp-ofJTB}vY+SqS_>^RrQyl)LpkX{hXWr{5;iD3rKhLtQG{nhd-NmGro&yV-dH*9Np
z?kS`}fV&8=DmkwFc0ocSE8JB>2v}^faBQaBST4oM>(Kn9Lv~W((f3>IcP9le1IcU?
zl+zYkx(|j1wn=f&9>Lx=PxSg-lRGxHg1w$5I|#DSAHQ#&BTdi<4-}f4%D=#t^~cah
zS?sp18OILDE*ZzOTqC}zjz>)xzx47bKMOI0;%EQjS>a1BZ<VmkDto%fTO8#*X)3pq
zheLcA<msrz{u(iqKaqa;e9|W-Zau!L*qh4`9gUY@6IRv*p_?=_&qxyTZEZI~-)~g|
zujhftAiXRC|7$gbt6zk41lY2gZ7{=3c`x`)N6>G+Gu$}+t9z!Mb_{z*^MDt_e!h?w
zgLhHJ*}6K|3!@|ayf?BW;SO8+Gv?ec(F(yZ{+GCTcc9||aJdw?a7I=<(QGj~X{@p#
zTsp_fzV6#FWsjLi^nJJ1WR{X(=Xp6}lol&nz~+IR=x51HwqL5+Ptl7PegWS5Jy8;u
z7;~Q2))W-i!#&e33WsdoKd&wO=Jqh<J)=hTm7ggdU#->It>c&)L_A=1MWpt{^UB#j
zpe`Ytdr%Z11Y$rE;%|~I#i1xZ==87K6;swYGB**L#Q))QLT0rhCd}!?65L4RWJ*U3
zY_(?!t^~-mPA3@S{D>vyUwOoBJG3y2uTeT)<hF0(n{X>q>}r!P(!&nDOLSdKYUpSy
zuBy2R%2VCI>EVSi{AW?`XWRGyZa{LE+TvDzcwkq=5-Nc#G(7Y)_6v+g3mOMH86hAK
zr#qY;jZ<#NO+NCP;Z~(m2ADz0^kq&kO|zQ0$HG+?!f?nJ*vf@66%^mk%@GpLDND^w
z*BesTjE=l_A`Jy6E_<Gj$qPb~*;2e?@4q1&6?dM~_@KmSia4Za2l)D@RgG7jEL7-A
z%48E)Ln93}4xK?;zEde$GoPFF=xV?(xQ&!o9Bgx)=Z(TjbIu%VY*q7VlGs}+r4gV%
zX^-ks4;2eKsg*?L>}(DGtzRoV9q)dACnn=C*wyN;ap!71w+tHoj}49chO<8zQcIu3
zi1=V9A;g~aH4$e@gsU?n)*V_|-h)sHL?pq4*_J5L=MIGlL`ztH4PwVahe&du0Gecr
z1V3)tq*2WKn+D~5%?;+XTDdq1cc+~lAB-NKm}|+h-48h59R;;Qrk)XH9k#PhlM;~8
z+(WvY|8TchY8^q|>E@gEiGp!O0f$2BEavYu7<H<DBlr@of19paRN9LN<_c_841)=t
zxjLqETG(?+n-VY->>|#^jiDdrPi*@q?xaMijs|&r02*owF`J*GLF?>2LkC`Yd82v{
zuh;NbY|RpZ8Kz0{j+r0cGElJJ+GOxpgdg?e__i3#j)fTCfbWkid}-`(8p+%wq2s!Z
z5W^b~>q#R7?V1f=6z@xlv9a7M6FTtxfg=c;1S=^#s0Yo!n{Vnu)tQ<TFy$#qA+;@5
zl4gM`#en@%iqbUP%{1ze9ITCa&tv*t;6u!EQ)*b<ir@%Q_sy+C2f82)r_&{2aH<YJ
zwlwt*oD>#cJLfNa`lB`BvZc$jYRktft5a{-nj6U#QM=4``9M>zAvMdV+-0f?>7h2I
z6cy+)RW}Rcks$HU8Rj1e35j1*Uvm;f#SgHX?lbNZ9b>X)ip{4KJ#2oZ>Pa29od$h1
z=v%3Y;6epW8dZ?gIR#^c3<Y}C2yqn(hpk-Nc?0cB`Jr^!qmo!44zwoXkBCGeSLAT2
zf}llxQc!ZN(8k0;npX8uyC3sIb`IMMN$XU4TO_aW%9}TIN|rb}#7FCv{DuaGNQfei
zWea;kI3;5W^bwESv4%(gAD!!Erefwp#uB~F;gP+3m`0mZ$;;(GI{KI&s24u+^~s+V
z^!dU?z<wXeNI!Jin=AdAATwe|mYVVwqR4yrh*p7E<s>!gRBQ)#qWO-}`HR}i!(lz{
zpC+7S$Y&&H^&4P)r?sCjndyWfi%ZCFcKC~O<BSD|*`Ml`@IQ3!g~=X^&wvmxKzp=v
zM!6IDX?B1pBvFOx|3l|qKvm{M3oAA~;ogTLDrwc@rOQqQ;e!4H<C1qXrHSx}j%IJI
z>ZZMQLI4RB1k3v2-Q0OKJHb3^gGuma$_M)SQ*fz{QpLg}QIj(x_u%FXrC1uW_WP3Y
zqj2%FFJKaTHeUJOri|y3wE{M1i1C<S$a|nCh*#<dx9ga03!Lj#u-s>nT$Zq0XOWy|
zFq~%*zt3QPW8|oPN<5m`R1-*wVn3&Q9uzyG)qmLZwVLunB_H8Sok#Wz@lbfTZiqO>
z08hP9>Wr6P(x#y#y0ZhgISGqC5?Je&I|-7^Y_7=jnstsx7AL{tp*^LBT#HzQN7l9M
zt6@pKDWz@X)0TE}py4s(Oysi%a=E+(P4)sTpId_Ou}D=RmL084L_sn4R~mW^kb0`E
zzE~vMu?}z+q!#Ps^8*iPA1!M|74eKwvCWB>WPV)r3BWe-R0*2gfzV9^1VOk;Yvro-
zz5RX9L&eyjP!Z%K_WyyT&JAd^IgtYEdV)RyHJQQs@gJZn)C+H%kY{gaKA}9I{9Ymc
z?QP)HO&#d3U}x2{9HYc`p%=hx_YlhYWj@t@?O5-8ufShG>A(cE6av|Qfs);U%2|Mt
zhQF3K5w_X3zTZXO_?@D@y$jy2k(Tus@_WQ`hlE9M)llm1Mn1WRFVsX2QwR6eME2AM
zchp3;)$$8z_qwlcKQ$GeOl}|f6^%bz!ppujXCIpOPJC;j-Xg4ZY`AOC8T2ry^iW9j
zQ1JDz^mNal<S}5s?RK@+;(6U>RH<9{iR*6>1*?JhH5YgcN55Chum?HG66AjpBNqFK
zlD6N!$82Nu_=$aAVMjm6iTGxZcc<aOJYpdWw27{H2u`$E$e~;H)dSTbag!ly@ysCR
zRI1fz+5IN<I*B&e-)|Xa-sEsN&E}buno-kPyeCa|*`67|r%A;R?bn%)))niLVOo_;
z@^ix<`;%a?#tiWLM|MrPKo~X!aKlrxap)cRNNtNFN2R=ZYS1%FKuU&aJH^RA(Har}
zR5_h1H)II5%Kl(Q6VgEe`sb+VQUYH$ry_q~j4*UrLS!MsbyZ?xL74w(N?9EUWWD;G
zx637K1YZ4{EAmfJq#_IwTtfX#<bSBn9*l=cMKp$dRLAU>z5#{OVWVU7<qX%PSyF7&
zCUd57&R>@N_g5H&M6XyJC+w!JQLLfPu>S+;jIrC)lw`ejPzW)&-gI1r19dMBw%x1H
z18k1L-DdfVK?IXgE(P%1Kk2v%RD3U4X|9Y6t{q=g&z~KoYa~l<rtfUCIa_v;Myn!L
zQV3dh)X=#-6|omW_hsb>z4{Va<fak5m<#hV*IaNGnPQUVJM}Tc{gTz{eFmm(fnVE(
z&4>dtL6XtpmzSk1wV9VM>LhAm_IFVYg9RJ45A0S5N!tk;jBnJEO7L$IhmSSq0(ler
z!I5qooOc}npW3wqrxvd6BTj{}X<6V`1xR>y=_G|A0|$iQ2a8|!_o+|hwOL~3CB}Q8
z9J^^yG=;g){z7oDu{N<Xwbewq_<#O%mhGY)A``@!-UXoM%jBE2Da$ufJl(^R`4jU+
zqSt_*1OtmoX|Sc4#92K25EALsm{ecQVW~kK3|i}LBQY*zbzDdA=kV@3i|~>hLjZL?
zN|R+_cG$CGa}{ev^3G%{kp~yqC_-8^ilzp@IuSy-)%wlrZ`+TWI;=@(k_sLS9;0V1
z3L;OPA{Dz<_J#yL-D(2&wfo_$lU(AV$UXB~bDoj|MF$s8-Je~c0u>pbz@qViEdr@8
z6<H_e&I$^;q`CD%2qG@|UEI_oII>iy%RD$+1BgOxsOKbww!j#3viKna8G>gvpQ!}m
zI8`<KW?IL*)Cd$gXd^423A9oDzW|d!Y`?BIE70dv=&umoabdB2&9GF=m>ddtR>;75
z$$<JS@VKjWo+MbJ*~}H2sX5-FBA2<b#`P?-C`1qsheG(W#)t~l+6MxFlGKoolB$33
zZ1WkO2@`t?$YaY}jiOQ@*m7E!?ykdq>2KgspE@k`fp<ViSgbM8msA>!na!{D5Q_~A
zO=9U2R5qir7Q8MjJW_%9-)GF9@AwxraDO73>h=SGA=JNsJQ8wW6rl6|yJhBEyVMg`
zc8y^Vdk3<yZs5b-0WsujOn(^if^k2@PA{uJ3$(jKZF@|O%ezy51>s?Dfhfqzw;bxv
z0fuG>lbH)QA(>Ds>sXA>^6JPBX?b-lua4!_vAjC&e06{}8kNx%7su;F)0F-usnJdg
znmX&KOz5;I1*S%5UDd(-4m3;#DB!2*VR|6F6}ZV%$IlzwMQ1IeB#J&8@vOec*GtC;
zCeTg6@CrdDdd}!3(@$JVy|780qA!x(7f-QnfSGzK3jC1;3rLhEhSy#z0V=pua<tcj
z!Lgd9%29#}!ji7V-eF2BRlEi@^55f@th<Hq0M65~H$DrdT#$b1nmC<`to>pOnV5{n
zq5fsG_vBbmaqSkUg)(TUvEtJ(^!hS`eEGts=Q<c1tIsq`CY`omCZ#|L8u>uerQGd6
z!#RVP*z%OeHFj&^uw^)ZcC=NMG#q+^2lwgo=T%LkGu|pM?^M6QQ@vwFP-}ig?FAO}
zKz^c#p8^qCRZ~>DVm=AuX=1C2s|6#y0`xow+m_td6%aA>qqNZj7t@kEaG_JtSKs8X
zkO-X2<On;xV$xKF&Pp78!}-@Cj$!B(i#J4f^pg3MlyozLKx6W1e}IQk((SUV1)~_L
zbWa|a?2Fi2Zhft!#6XQZ4J;6S*IHn<{eJf#${E`|&`h@fu(Pc@jS=&$$$VE_4igCQ
zUSv|akCFV#tSizcC5U<{ead7%HWJ`shmR}Kl~tCez9{2Ms*U9^UL;56<~YFC(JlpE
zB2+&{1gr*YS9}cX9KrGeT=feK4CWpqCJUMGfItwrx^v<&f5Lr7$A2qn8BQekaphOV
zzrM_Zkcd;|cp;%=uzO5mD@hrF(wK!vLu|*!D*hLYJ)r@AU-+J({u^j4Kk6wju%?av
z&b}_KpOg#pPQKN|i)UXK1FvybXYOMB=TNo(N*ri3p0B}!cBo~G0WZjds?YKl?nJ#Q
z6y4+5;%yw?x6w?$DaY}Hvf>hvOIBRl@=wHyyYasN;kfb8xC@0C?3NG+adjyoQ88Z-
zRD5Y{`9Y|K<VhAnhx|mN;ELYJnO2>W9|aGUa!N%5j|M?Kz2z~sOy%g2KRu-8a;b7E
zoa<8Mw7lmEpQXy_e}T&B8w$lb+K$O~e9vd05{}nVjiYL?mQ@W`!ZThIVxy*o=Q;#v
zDMY89Ke7<L6q=Vp^OBj+KYt)*VktBiJxifE+xd@zhx-c6(RFwq-@JhWq7W;mC^#^K
zxgouX+_BUF{Gb2&??7Fo|MOq}O|F@BF%6LdE0@za{kRIdyq<Eq$Xz5l+8CyqNcdB_
zD&=S{!Cqi<-R7&tSYLdoVe#>2Hyf)Xc34@I$H4^h9t14JSWZ>1T-H^RiQ5$hX)-Ek
z7U&Fe(Y^BQ>C?@8?vlh^Qh+WUGK+$%YG!;*`oQH<ca;VVm&RAQ1`9&2^SY`LU!^`y
z^Bf9hA~nwASumrvJy+46fh;mawdHtd5OBka0<6(=3A4g%mJoQFN~DBuvuVyWpcyr$
z(E!&lUKy(~$_RdpT@IqcAj}PO0m23LV28T&LZv8%FQd^$Xojd|aQvb!VQz>yq+tYr
zK5-LkX;f+enCm!Tsxvuu*ChSdN5gk}GConpI*LxH?tY`5*ciURbeufVXEwW{Fm}0&
zRzMtXO53$A@obleXe1}bl=C3YqNaglvq_YJP6bJ`z`AgmAN*h47~MFD5yV4_B~N__
zg;d~QQO7_?Wt6DRu9!`<3l`-{kK^Y<Oh;RslNaU+*%mM>r3&npfz+_PN8NX4#N!@D
zF+{VMTUMXh7V=i+4^C9)K>EsC@-A2-2b!KWa8<1MZmN=c9HuaHt>0(Np2sC$)TXgi
z%~QEIwS&gQiTWW{>=kjsjH$)05bJo#6b-=@RtQO@;nnSAK>L`HP$nq={}P9KND(M8
zxa0A_3ZZh-DsiYO?qNkeR5$vfN8(uNuqQ+mXKcAer(#E4Bchx3vjh!LmGYthX3UHb
zVS0`1s7#y%h{yVbi8CZq|3pV_BJ0{lo$AMUAY<PH+rmm=lbLO=>UVYb2np9@=7V}k
z?h);UjJX4FYrw}5tC*lyGdJ!>>=}V*ag3>5L}9rLlk%Ajs~jH_Rh>0SYh@i2<$e>@
ze9C9|CW&IeQSlRNk|fI%Q6okm6H^S{^^fJ9<mzsk*jYKc^y0z5d{r$sEJPKj)R0Ue
z<TELt6xlK47olFZ?*e{Sd-_yr^B{Bo3SnUuvRsbQ0vD#l<*qu=@69BCp-Ra{8DA9l
zK$sQfy2NxCI3&5n#3>l_D@H86Xdq4<^BtInyf3B}^Qmu4=lT5*fmQ0SL;{r}CvHUL
zqaZOE>I-nP*wAWn<?)Z#gTXN*#=t-2?$Kq7z$ejY*QP<RMs{q62O*)h*mbKBZHcCq
z0vwSe5L<YG`<_fjD3KI$;@RT9l;lV426vSNoLn<Vh2c01*q{70sqI0rE<rppnxt`=
z?I=ewb8Qv`lI@p#gcdx+<5BYIiuv<T<brckrFrEl6HL)QJcug2hU^A5Sc+S8A|7!k
z!RSB|m5>wD3PQ`hm|4LT84hh1QGyGf1v6Vo;rOi)Vg@85kxn7vSc`Y5ey`+rE~I^&
zEBr)V;y{G_8YlFT>r#ZLW0}lL_L9mG6HPGc%d{py{6ZNeDJYDGg&br}4?X>e&JiGj
z2Qlm*gN(R`hyv$Frr(RI9!P$$2K6xArp1C)0_4sD(FUDAbM52w=6VX0J{d)*O)s+U
z5=t-wX(1-MRWOTs(dm{<(-;Bc{);G4l!Dy~17=S$DW0Njp#yy&iH|{5s-=iYkw<tE
z^TtvokR*9g*Hs%LP75<(zK>&5l&_4VPx7Qn<O6{gQmVNTd?0O;sGmUQ@k&U0C4(%U
z^Qsyll)#WgFbE}0M*W0-*hQr?Q2P_-+d}3}%<oYk&zf~5SbkuU^+rA&-(12rM}lse
zQNBy%TpB~YZvx@u01fV=d}0P_a>uZ0P!v?=QuCOhWSWA5LW;N}xef(P(tT>@Vot{r
zMX9RCQ=DY7^y9i_W<p*;@Tfea7)dI(g5+aM;?s!A4mWcX#mF0lLvG-f#-m&gc7Q?U
zct!hI{sBk#Sjhz-4v~f=g$+nn6%G1HnVnnBT4`k2O}3PBqd^`g%O*T2I<M;K&peO&
z;WpXj1=XnWNn}voc)D5AFpdlP*MI!yJ@Y6Rhn3U}mdxh?OFz+Wl|=r5_NGcF1}mG}
zmE{XE075RLiSU{O1Yj;CRga}ipc@UbY7G*|MXUh*bHvL&R{t=#3sn?^)aUtpV%e-H
zhqi*DuJFf)ESTy5tU~nw-vUO$UM0KsEC`u@a2)5}<E}k_Qg3JCEeCQ{Jb5d~sGORz
zWVumxIum>NS=kn@k<Oo_Q~J~9?N0MtZsVQid9;(|zl-zvldn=NykdVARc@@iM<1MM
z)WmpgM1lVFA+Z%zuMbn@?6Y{&+$u7i<D^IwjOHejGjfC4`5u7rty-3ZIx`|7QLzty
zW;48dB345cAH~`MQJ<xKjQPwpDd^hBuK2DQk2O*tq4yNjEXInKN*n<tNpxwIb|e#r
zlkuDc++iUk+L63bQbiu=d&TXH2}e_sSGhe}(ZQ*d?su?PnU@snn*cxAQ*(RegYw_!
zS5Uy2mV$?pJC;F27a=FimAb{bq-g4bFp4l)wd8-3Jj-^H<ZdT+_rI5Zp4bYIkCGB8
zVI^g?g5<tFBMnd1l_@ISfe)zUf>pWOuokQ`i;8z*)o^=)lmuHW;k}1rE8i^cJh>@2
zDNG7{cO1}!9GyZ#DfEWQBh!e`AjOk_WhNh;nM8_dJ_`XIrF|q(#eM6-a<O_)lwwq$
zmszUy1W72?1*u0l{(w+tvLJ*`;)I&XF+eHoyaJh4ot9VzN>jbEZ~nGkeF7f*GJAOL
zp^yo_H{XDaVKI<JZo*^1kEu%#g(QHFmz+E{iA3-+!FlA`t2K8dhN8}wJ(so4WI0_`
zd?&*MSDoxrWk$|?haLivUIzvr=^||#tSqchcdH(36)Olybm=RcP?-u}vgg>5BKd%=
z$3<#%^#shuTHgx4PXuBgDFd6-Ya^`?BH(ASM4uCi=u+shpi9PVO0O*L2Z?C_(Zf{*
ziBneb7IZOUE5yXgNpnEB=kY-4=M-`u2T#Z~XiNnN@s}+87gbw?<%4=7$CaJ9Cg~&j
z0p2#j`5+G_`CQQsmO>I3L@zU=QI+-rNPwzDIII{`DkJt+y{yZ(bHZwq+|KEhl6QGI
zJ(P4?e3)GX@;Ev4Clz?Fyim&51b(c>c`3&4eLLhl8+Ojnu>=?db+V&ubtxIWd~8|B
z5*82?G$TS$KAr53R&1M5zk-Q2xq%7dru=%{nnVOVL6NIAZAW^lc{5*}VsMR<x?<`k
zj82$cF>>;g5f_u0t#|i{ADg=uiY3YJY^;+S5DVRHz_yXGt5j=lNKDY-M)Da}IFS6P
z<n@hcHj;mIgy@0PPtff0-5fDjkjY`ngHZgkMh+&VEl{=*NgDB3aB>M0mi7=ab4oT4
z8zo_x#gQuC6YWY=NnFy7vW7m4bw;d4rEaI{BVRa7lSwO1G|>tJpL!zxZT|+@)4NdN
zGRm7MGrGA^&LGB)nor9)#Hti^b^VQlnD{;vlb59D866Q-{ekvT%7xO~I%3MCg}Qt*
zb0KGg=%a|*YPRD9jZ)+x`mDC5bDO-AyBE|r3*Kkt$K|d(M&eGZP_-<4-$mNlZJgep
zWX?&WXjE86((P1znLx^r<u{HMM9!N@R1i>Tt1F$N3LkvA@h4etDAL}P_93s!D&kd-
zz0gfMqY|&+H6}^Rb!`5gr&x&;yO24K<p{0MPGl9N8FQ6nU%?9~?T^OX(DGSA_ABe<
z{!EKC(Yxu!57e>1y7Q7KT6*?8W@7%ltV^|u?uTbxDle_C$hv%EJ4#L6(^ogpmesH&
zM3qV`cv%^06;~#%<-4&P*FrAxE={;KWs2=(=anjMe_>rQH{oEa|EMBlH8s{oG}yS-
zk=TWnjV2yJl_-vZ>)gmA9O_H&TLJhjsG_86AKYfM`N2*2_>{m*djE*AU@cLV&0CNv
z-=}keRx0WHUzklDpM0(9wX_%72N(V?1Vv$o^L|wXInLtm;v4bj`a0=F1-xKfd>k<U
zO5V!A`c621R2r0?#N%25@>`c*ySh2RXlYSWb$mWFq9WcO8mr_(<Jjj=64i1q#1Dc^
z`Ow&77d|za`JoZ_TLSdoJi&+^GXH|TW%Cze9EtJb+kWWNkX_7QIHFlSu!7tU<{o?D
zP%jBk{C-HiY+vz-D*^i3M~8*<s=XF(`OjYh?rwi*#Hd{5js<xW=N}p*HT>-l4V*xk
zi7JJT?GFtYWP^A<5BYdD+5XTN&qEfhwpV@TtqPj-BJTS`<Fnd+W$TEjK&}l#HpCbI
zEFM<9Tm|_;-wOobR!D+6=u!1D!Tf~c2WkD0YZFGT)qMyY5|U7G#0L~q1=Ay`iPDuu
z0b#KNYogCcW1Qr31>=4xP99wBE{V%T!l)yNg3uuml3+lc3fzJ?bmaq8ssWRRtQqR7
ztjABy{O+o>^#iV>1c{pB>C6FElA2(Rj^1JBSb-&VmC!MtA(@Vswbsf>RX$abLpbM(
zIP64?{*7Or<x9aQpPHydD$dMTf(Zm-{*YMBLr;`}1hlQG(uQjnaU12Kk=Vi4GywAr
zTD@joHJZikXSqR0T?0MswOtAEMwLt;?TuA3mg||njefiNxTcwq6_DqvnbBGS5&MEq
zVBc2^G#iOiz;du?HuX-N<%Z9;%J<X5<~P9jjECGlGU6j*;2;V0g-;!ahL)jXAT8!6
zk0y#y@S%z!j~3=pAjxv=!+I?JH-N>7EJX=w4kie3nla)V^d&|zOOk6s{Ga7s1ev;1
z<x(fw?4s;YQ<luTl#s0`xtLL(x*=nxpw-pnM?y;69yBh5T8k1%B8Inun7k~s3bd>?
z5o@<LDmQ2yVJ#)D?KID6^Y-Io`Hxof`KQ(Gk3T2=tneAAO*(a{0J2YNzo*5dXb-Kb
zT1^9g##Tv(+ChbxfRLdJH+MOz%X4cH5FZ<&({kseCTYN!s#?i0Jp^jYbFGnu35jx#
zNKoiR?Oy^ng%DrXq__kn;R|a6=ceAQ>i>|sa}r-ADA#0<Gt{Uf6nzb2Q>JZQG7^b6
zctMSsK|x&f$5!Z5f1VKKrB6x4h-84^<A5=;=5mwe@4F{>t6}&Qcr}>J;O@k>WCV)}
z^shs4e0ITZFnBG5U?(dek4-mdw>LKXv$4q?YPlUJTz~TG<KJi02GwVmI;`V_<^I-5
zuBe^Q{*ioQGV%DHY8^4m1c~|hTQjCFYaf4p@@wMVlLw$SReB&S37i#0N*YU^wxk8#
zp(PC}lF&6_W`(b7WL$LU%>k%<ND-^+SgveQbU#$*{JLpg&c@7lS;&H>ki(k}^_rJ#
zUP#(YXO;(tLvW}*6QPj`!Mbk@RVMQRNHci0)}iK!EZ&YHU{nYr<K<omJ(E<0T>EHs
zibM90FUUo2)dQMHb-~?qjC6^bcwc%klZGPRE(?`cOEZSvC<8J8+o@ojBmEu@#0tpX
z(c#WPmo(NJ<alTBdR0ae%AW<3CVnpUb44HTx6#HxlR{zh$ExIfyp`50zHV|OSU0!}
z#*%e@#r!LaU9U?AwWh#yQ${<kLkH_W!GB6aoZ=lLy=J0JC<!cpF5ud?fWcNvo%~X=
zlFSWeenkZqm8>M>iXl=x#`%LRKf9CRmb4jlLHdi76X@Em&FFxS&D{&;6PFo+;Q58j
zX)Oan4Sw{&3<n?9<16ID`iJJ)r~mi={hxpR%cI9ne*U-B|NCP5<G&SMD-{<?*;Ud^
z#&c@lr%$V<Nhw{ADZ1vSE+W<X0mnm4pCfJm+8<Mt8crz9*g~Rfa+@5v_FVDl;P;1h
zmDe6a-OYbs)!ctzwZMPG)j<EDs+p#F80q#KuoUm)&jcBJG^N4gfZ3C^L_bf+ujDt~
zi#6!~$tuyl#9?J3Cbcbb<VA4e2^F=7=J|1LV%Z_{9|Ps+voPJc`jxzRK|+7Vo~#Ad
zEqnZg{Otv4lWq9zk!}INES{g6AkdIWF8@ju{8Ia;Hmd*fmr`t!U&~&LUek-c_@vax
z3numzCIzD|pIGfl!KZYgdfe9;JfylpL@aPn(!WO|0UT(4Pj&X<g?@x3^DQ6^s$jYz
z5nqiqsE!J0L^KjfD=Mi$^g$_Ah*~A7Lw(pK6r+$zq@Y((j0f0<YOr_TkIBXP#`{u-
zbV)z}7gA?;x4HbE(zU${#n6HPO89L?yAa_<Fo~kqYcgm5n#$c8<$zvz^a-dsvaRVf
zJ?vVasB!ABQ)gNafT=k9@Q;qGXry(qm7m&u&O#O~IWiUV1*u*ZxizbKp3*Z^JUz6R
z;V<|@$bFb;{L5?{sXG<(EtTu!@BdtBHk&KdvqsDhK>a~Ii`|6G4ZuYN^N*}wwO1gO
z1=*biA$OEx&K{dsF6hHnl=V;aKwX!INp3$DYnm6#T@!-AcxKrq^8vW(`l_|o-dby|
z$YcZLlDijIbY_R3H;rrCuZb7a-`5Q8tO#t0PB1YHDQqYG4CQ!e$iy|E{%%57P0Iz(
zmV{OV-r~&Pa`$2+1_Qs@RuH~T|Nc&8r}XTZPwnLJaUG`I54-Uon&k2dUs&$N%%*<g
zixolwgA1ujCa+i_M4}14Zl=n=!ztM1_RMi3*eR7(H<4pO<+PH2UPV(P<V(O^DEmur
z6UwIYEv|{owFPxn<cpj{oaz18XA|p2bO@c1VecTH?oq1ir3-7>s5}6d8q{&}r>f!X
zM0(i-<j8n!_>3wAZxB+)OLY`~i@ikl=S&}a@gD`VFmo-ihy0hGZwZcN9&1H3GfaZd
zS=N7j{2yQwdGP|hx2WSVv+?BPT1v;PP^lUeb%yP(+SK-@6o(WTQ|3@bT)4;Fo#TVi
zW<T|FnVK~^M9RGfA%aCWK1SdxgPzAK0XQWFP$bN14$YE8c_;BZs%s^EMEw}|1;q!I
z{uL98Nmmnz%;c7o5<{FaRcz7}oq-rRdv;;DDL42&W7|aO8cl8l33{Y7sOvTjSrD!R
z{bA_FZUt;TV201apowX;9p;9y<D1?wD?!6kw?(;bTdWg)mCC6uX$>>gLMXLu<X;j^
zoVrr;lhyt8#nlumFAeTqF&~45FI?+3f*nMuM*tP*%<obg@vqDD>Cidxnap^ZfTxd8
zITWjGxf32Q#)TECo6X>kGjpwQz7AC18qY%R2kR!gV)lAqT{Nk0Os$X^LI7K*p4Ehj
zxadLYm_J2#t42?j(-P+ML6t9$O5{Y9X#rgeqE%2H8NL1fAa?kNm5LGoDu<w=^%2;F
z++tECt$fItYkJ&rrK^x_fy2yf>{wx-YMYCt%Yxm7+aHqdLEiOTzOsXaZTK6n6}Xc$
zA*WTH)k^X-*~a<O1(FddSlWof^*v@pXHB`h#HXp8o|SoJ%G>%bwF}gxE{U(Q=O@_(
zK`f(8p-7xkm$gpwKM-xB*d+-mP$e3O%qI;MIrL7*4@W#z=Xv+xQmaFWvLA1N3T*E}
zqbTetduhbjBO}OZRFDrpPW+<gkw<q*-wtQqzhcc9dW|&E<2NA{=m%Urn*?v7rj$tR
zZDArdcpE!z7Hp0Z#3Fxpmu)N=&8WVAp6#4KJ%Km~NW*n%Q@Bfy3}+^jvrj_i69e<>
zYbvJPX-gFuV$xi=`ZdJ`Cm}ChQza%%XfVw9kS3iaWB;nOIFy`)E<Uc9YLx}asO*Tj
z7dmf@ZPI8z|E1MzwVSQ>pw-%j|3BBcRmBDZiZ)lVEiyu1c2?kgNscikv!;cTsEggS
zaCvh4b#l5@8(b42lv<*Mn^Ja}`Xxz!F+e2ibqRqXy5>KVq!^KFP%qj3LJ>sCNooL-
z#bSrD5kgvsb)$v~V}rC%%j1PAqk^<B3nGQ?7!RcFLTrVHjs&_-3{XDON881Ry5T>I
z2l;6GD+v7gy5T*G1ol*g^wbaLsp~QI9RhfM_|ToYK|7VMixq)7b=T;d1n1l#ET?8b
zP9>V^2jSGk*!Ky%`2&R9JXo+zoiLlq0GsO2n)0BUy4&Hq2GV?=5SoV$p1E(>%pC$|
z>V?WI=9GA^@R&+MRvr>_=U|wsaF?<`mx>UVs^FHYu$D@cl!da?J-%Nne5EXK<wpux
z`8L5SUn@+dR)ES67MgM|AL3epC}kliCBY{pVJC%Q88uy!^Xyw$@W>)zBLyR?8!A$y
zcQf?aA+*!Y!)U@?yi)qrLN3w+nc-L3zvBRkNG+KdCOV_U?j-V?7cU66&3@)*`0h{b
zND>;J^zC3jf-A{j_xJ$c!;i5qN&F(`Op=@eu14fF62FSwMxvS#=KVZJc1%+MR*Xcd
z4!PU{dDjEc>ZNS7CWrRh&mY&Uj57toUP+#iZ|t_Ad>O_pyoW18ylhIj(U091KtN6`
zUYZYH+VYpS{G~1b4`#~;6TUp@iL;+F=GV1<LFtVOW9Lp(2^<S`sA{U}hC&sp9L57z
zKbBB?Gn*xKToi@^`dCQHPcNwD!htuqgL!pvSLp?UL&5)B=mX#}f5LqSJOpIT1?rN=
z+`~)i3F&taq6DvZDWX{D7*QV!B;h2Hq^$|3ut27*kB=HxHT6+NI+<8TiQ)`PTu!)u
zO?@n=aGyGfax@F&WtJt(@)66LX_l5bd%$8^vb*C&iio7=kxUD`*gSsRyxY}zD--Kq
z)uyDlMP(L&DGv(QrS7?U&4bA86EdxmNc5M%^@;r7s_KjAc$LsVp2p%LCgVBjb#}?-
z^S?eTUh4w^T8#rTE~j!#yReCxNS+3}$5Gv+B=uSYTYF&_CTD^BC?p0HCyGobP)6I0
zHmCp|gg&EARIS%2)iI?;p2>_2_C<r+QEb-WU7zqP=8JBMLGBRGrk2};^4>68B;~}2
zxB;jnm7v#R08zmm?v^CW)qH$hK-Nhe8c|kVsO|<#Ruw{O;VR0_Ro-5K2kxgZNCFlF
zSZ}JNhz`tlO?nW~=;WgKzE-vK6z)qlI24~tqZ9%rOYvHVwACVOl_af-oR#akbiPmO
zT|woaQkqq)atiG#E=;?F#D+*K3eXfGPNU^mHuaT6^f|PH&zV%+8i0zKjEn2Ii84uR
zQdC79MUl^?Lp=}5xJ(4^1Tq<nllfuulFf-nEng8%@V!**hXx+-nnI3!Js2Fvqr-x6
z0l8+jy+)2)gTdLCCZ;ek2ute=h4QDIqLh+l={P%wgH=q+54GgO;!5>c&HJwWuk2JH
zDxH2AjBr2~Y&vJYSi+fa>Fr8YteLpB>KSk<E=*PAP6-A8Sa9F=%)|%<xK8A%qg2Ay
zVl!KyUl)8}bpUdr`jO%Z*Mq2<I$*~R`rvN6M)uHMPw4>4cwN(=z6paS0ShA^Jf&h%
z8m44QoXO0dShkH)a!EY^xsG5Ux7j32Ci}l*>gyVuYE>d6bV;tAgQy=h*OkddV38OY
zGT*V>GP8WY|4vCDcf4uuL{;zVkQ&R>(l0J4aw&&}*q<P7URUT&Dkv+c{<}oe*ur1z
z7b`$F)&9*RyPQBsC82(c)FTfGMWmz-a?nVN@g)eTLF&krj2WK+?w@pSb=-}zURz|i
z516aGKLVENR1d!N0M@08$)$>~kd#|ayjC<l>+~o~NWtP*pl%xYeZ+cI9pj;DExnfT
zWYz_kO$lBCSp&ysWUt#tezO$*<8ba-1{Ffx&S^glIw(s#SW7uzc@Kq$gX6_9aB#dB
z0$%Oz3r^?AV{SjB#^u9f<B*#VwlfZn1++*U37{lTj#vN^m|)CgU15jLQ2-ey>ybtt
zla?3TEh}$jeEO0<z_OB@G)4!<jZ}6$8pg*`+!eNU1>Q%J@pi>LO3P&sS&1T9R#@gS
z$<6ptAm&`Ajw~7avCnVjiw~ar#N+0@<{;q2LkFlR>dHDr++1v8vMP0^dX!lGSs;xT
z$#@_^2F)+CAfBvLp_KJgyS#8|mf%I}3n#BmJ^>S#k3nmS#6y?mhi3xJ*(zaI%%3Bs
zmAs{@nWygykZq_7>HFrQja6FWq?}(RwW~LXhxtC&a6#E;v6R5#*%yEbZhb_fQcI0(
z=0w>DQ+TZbHk(Y6;S5MHrM68B?s)b*2A-(&r?<4^pC%d4EIVvku7oTlChQ<Z*p!lP
zV%bdARp$YdEoVVhnqYilSF`fGmB|qrHlLXSl~<N2WK!k#nHn%iZ?LlfFjAWgf@+OW
zqWjJ%oJp-T&g82nGbW2AG$ucu=UDvI%=JxblwijvowFmW6Ln|KnE9~;3P-laf-3V1
zDpV!^4ay%u5TyR85>8!H3_f*BDiEZTpd_z@AB;v6^5$2dmd8q4ABC^VztbpxAcSUv
zvt!rOZPFO*9yeA=W4H(Z>F*AX%ahZSMYdygu5D7L-c2=;C@N=)sxx7eTA8d#iBBO7
zxl?G}tsFsF--RF7%f$MpcI%s&Ka^YFaIe6vFMg48>q|}nS0i%ki(f6>`o4=>U%YGu
zZhgtcTe|h7o~2vg(yi~0?ADh!`+rKezIc9j_UzNbh3sjTOI(g#4Nk(*kE)O*nT7?u
zN~9ua71f4H-q2eKVjQ7OvdqcwJ9-5sDp4q|9l3Q?iCZbb)IlzUj`gDj{*IG6Bs%6-
zg+lkzJ#dkEEZqYu+T6!I@Zr3(QpI#&%@h*`sl+^=-^>&4S`o3T^1J2ksyv(E0t3!|
zv5%VMdekA7XMO2ZrF;2s=KuI^s%8F<n=j4(OY{HI{J%8+FN}w!`9F`5rTKqp{x6)^
z()?crXKDT?OY{HI{GT54()_<P|1Zt|h0oIbpL~|)|EiC_mHGc)zT0!j-HUa3-!yT9
zuJ`tL_73;g9P@$tXti3cXIoqF-&U)Y`ER?m@yo`)w6~sZZftF}pS8FCrPbcr+Gza?
zX+2Q?rOzw~ssAsnd-s){+#lrmN!1=#M&mhk?6mtvu(BfP*xAnEJK({Bh$F-F-CS_r
z$Rr72T`))zWEu=)0XMkga2NH-Ci84QcR;^qFqirk4~TdfR}5cS`I-C%np$c%!8s&$
z3W1@1d|dYS38p}`?LftibC0=1nujC)RcRj*fpC^f_Fgt^@vFm4rWr^OQrDz5cbRS=
znYZNwf%@w_2*oIHR4z{pM$>s*hofnZ#VB=S&^Hp?TWT<%j!9V4U;yx9KLSvOD}Yyq
zt*y(y23XlWGpy{O%Nu@;fhREEKY0fc<R)hrB+gtgqb6WY7!7A)jkrw7N?o;_hfoE@
zM+Hp`;>HuAiWTVqc1*`|A*J<|MF}N?cl{=Wx`Lb|_3Hw8lbKxub9GvMrS;BW4UrWP
zA(JJ*NQO#xkf-ypZ<*@E>h`au#S`fTqXh-dOvP}b*U@2I5qGyoeHsdZ$YwOa;xGii
zfW53HjtfgeN<5posO$+=<E-T?B$jAn+z?|*G1r00Lm@yR1lc3R3(pnHMgk7jLeFPS
z$iWeE@*CDbNd_4QA0H?DLZ-7Z$ckbS*P+K?eQfjbx)9>j4{*~*SNl&%U{B;pNc%*j
zM{9HGn?d?aymK5-_)AR-$mUpSS;*D`hl!#!GMV|>$_gP}9x@b?=X|C#GjctOkwhkz
zAB4o35RV6eHMT(q8!tx?rQd)v8*&m-`x19C&42{O+?Y)`&T~!->aP6%?7jPb<G7J9
zx_|2_aOCXQcGi?7-+H3m<gCZ`bo)29+iSUJzI;i3Zis{=#uUL2q}|F)zrlH=^G@d#
z&JTqP0p4|KclX5H&9p@Vg+ifFC={v+h<Aw~8U}tydT5m3IFU*0v#Ly?A+ty%vF|3q
zBFi_i%`xJmm$8UA@{CCmgWrV@2V9{{Pylq|yNp0%lugVI-1EW_fz8T%7cq)h1!9c2
zH1tH8S{&0f^mGtElG*P8k(8xiDCfMjBZ{lb0Oyp8HI^We6smsJX`a3Hh07;$u};;T
zt|?hRz16)~rdWTO@h>y}WyY7y_^H>Ra2E@d&+Mt^$ou3fpqO9v3`U%^e7*(5RL+5O
z#g)B$KFg~5x&tOsa2ORNPjyi4b~s=mVb@(~hb!%7px_F>7v3o5>RU&j&B%u2b_e|C
z(1+>M2ZWggK(RE34%vwKM0oPq3?;OK#Pvtw!WAg8D-M<HF4%}G=e!==SD`LELjI(K
z061VWTX->@k`VA&&@?VZ2wLkP^Z~lr<FDR5k~sD~@<#<hj1m<1AcyyZR18nE(Ff|B
zM82dBfXab@A|IL<jlbd(rjg;Sf}3SL#dcY+LDthuWqt)JHAexlMd+#>f>eh+!8G-}
z+5t~s8ha!b!}<Ul20mSP%c!in9H$|l=5Jz}Mi*xv&`daxLw+HaMp5AF_CLrvj__V~
zRFb5aBw00e(;iBrNle3}*Xf+t%Dm=tbLBz-c_d&!HN=0)N;tNoXe*A*f<+JA66{Gv
zm#d4syCtC!2T8Cy6D!R`Uds}vuJB_1f;O|?(o<&t^Qh~nvEGC+u-^XH?;pNC%-R25
z_xp!0_P^(NwuCnPMvA4kB$%T!>M}GE<KMZn4Sm`>kC|3OX%~Eo{UjlfcTJvp@JUQ3
z6W{f5fc}!ZVK&oftFE3s==FOa_oUo#aOgR48t(0YaGV76i7S{}Tj<PZZh-wciNR9I
zq?m%FYd9t-O2>iEX3~?4c&Siqae$&UjwqA&^GMZHMr{~3>_l+;kGz2jdkch_<FnqE
z9=lCEjr0E>sqa334r=bX0^cPeBc6kO3M*$_8x8jV!=r;^d;aeq9SmN-%>U<jJTj;9
zoC<Wa(#TO`X6mC{5tr0KO4ZSaUHrYMroT*Z0Lr)JdRu74Y6qY@F%go-5ocwNOFc3~
z-Glz1Tdbl`V;OF_5`6m>IT3_Eb`#@9rEuzpA62wvFFSth`E(CQkrPvz4AEYT($ekQ
z$>{X<?(SyPqGm+mIS#pcrhA?5Zl2VJuPSu2H`sse^qsyl=!JgN^C^@O{oTWn4?h!5
zAY)c%db#5gI1biXI;F5DF@%1g?+y<SEAWVLjOQdFv5ti0L$I%pM^*TUf+5aOPlaB5
zanr#Qh+$sv+7b0m!o)u@UWxmvNgNaJERFqeI&x>kO9MZgUQ9!(U!Q*@ZkpXa=m0DU
z=Z?h21zQ0glVC&wSk}yAa@ba#e~e<8ch>yopa-%TA{<4zu~XW-b$HB`T+E@P3p)#>
z5VQH4a6Ft~*xF|Y%`~C`oi2XljoJ;WahGMEh(DbrLp133JEoauSTa9-#!?a&S%8sX
z!u)ASJVzAayJayz!_raL@}i6(#5vz}Eo;JURzVvG5ZTD-Sqg@4OWQyxogH4tuCs`A
z2fg}zp^aA^gAVy7fRT!FQZoHek+5!B_4`K^*xOS_l*>;Y*+4=9GABvAC_}QQ>Eo77
zi*otKvm;y%pZ8z1<6$zVAtOm9{PT@u+C(W?g@SP}cBz7gN)(U=E{exk#-akV-s8x>
z$0-+wa8T{=zm3n+RD8bYTUWbjv6*$myGoLQ$Y@cU%`4Z)M?b-8wDJUd9Cmb1T$eC*
zAJFL#?Rn&Jk0l;WlaAGu$iGkHAPXTborrQ_5Y@o7u>op}mRo><r1q7fAuCr@II?do
zI+qEtdoEz_LBifgX*?zO9trSbh>rV4ArT8YMExH8-%w6E^;yrdvVzCbKt0Bc3{fNx
z^f@!r={=Z9xFj2=Q~oN&_Yrm<@RZ!k1)4_5-v8YTQv9F)*^#QkJ>Te%m=nQ;1PDXa
z-RHVMgc*CHv2^f)1?7jB>h(=9+K*&$OD5Sm1B(|Y)4d>}0-_6KnnZzPqv?ItwFhzL
z9Zm1Es|l9DK~`+pE@QzEb?Ic%)xYl_N$gJ+*6Wn<RZXE5q*Fg+Lo`l9FCgA7jYuet
zphDrcCB=rCz2c`35S0vW6sqKKqm0F#)k~P1fU06qJjpLEjoH0O-_3^T)$d<rpX%qO
zQK$*+Y-ZLkxmoGr{4_qcr9f88l%XpyRuM=mCW9OLh6rTHz4*1KG>baI!uM*L!e?>Q
zL?aYgtP&VsGVbTpec((Va-J7^qM{(;N+9BV%@X3>`w`RM_WHZS;a)#mW#q#0F^Tb|
z)?*AU#-;O!@;!;EE_VF6ybnDl5oLZtV<}hmgiT!-Z#WKk%C|4Qqi&~Q$1Yp+<qC&P
zAvN&>5WF0e1ahAp0NhK5;e4$mVE637kF=oBi?msYJ`kNGrod)ZjHXyEFFb2G%xc$~
z6#;c|08>tHub?QG{E&obh|E4pQ`WuKFM;lPT^?A9>-uwjbG<oM9(5l?)+aG)nY(R8
z>LoFd`@KQGn{DGy1I(C-owU=P-kvd~&&-8e)F!P8MHP0xT$3v5u=}6K2C=F=z@%fg
zQ(Awgzy3DAYCp2fHot7IGWVx(M(#X(t}(rjrZM(1*XbxG_N!1O=aSR{Yk@V259u6p
z(n~osRPA)Kox<ni#e=rIc<{B^!zS4k;wv&{t;*1XJH`04V9%;O>oV+lT*96L0UY@+
zR?sFZ=x1e-T2p0fE_uBHE_q$bC1PXukDyG5f&MOSAi4b#czVQ{5btQqRe=kln9fNu
zBdIVA13KM593Ad=OFlC<#vDaGm`ez(@A@@krV8bmw!qS+5lnn^_%7LZS+fc1@bI7!
z1yM!}gqeY&6O$<LU3^MYuA>e*LgD&}2I-t{mjCj%PL>FzJynDTy@VO<DBlM`m~X&G
zq3ryxjaT_HZ8XLI^ar{4pZ)!p^Z#dhww4SDD2s+LoSiybGUma90EfHFk)ys|=p?e}
zd*S#f_X~bF9d@?R@6m`nk{Ac-vMPqQ8NsnT%ksa7+>hPUw<p(c&ack9JK7bAOIAll
zA#p5_yxmE-=rN*xYOhh{?KHM<k?99HHX7e7W0?+Y>i(BpDE<Uq3q6I9irnt%B~Q1{
z+XcLM+cO+aMg9pKBJ3t94s;FSDjO3<gGcad1<yU<oCk=VhfFx^3Xj@Y*`4#@R?3H%
z(g&XyIaN}|2Ly1zZcG_dP)wgj*eR4l79_Nx12o-&%E|*5$|V}w$&I*T7#Pb6n8D!!
zosma~h{gc`(++adr8iAxBur$2$TAelo0o_Y30emHz@Lyyb|qtmGR0TfjY^EbtJ-W0
zn}Tur!P1Dtg5@Ppw552kQ);F#zGnyh1>L2U%G(9KvfD8i#HRBjW!k7ZQLfU-Dm4$?
z4(N!gZ*qg11k5zOWa=k;E}ybZTCLi>WJ+5>J1D9rHc8PhpE~7RgQ`=vicMxePcyFQ
zEHNBP<*HJ}YDPntDOFeMwZdZWEkYthK8g&-7dNsC^=E=xdYrASxU0lMR39g{KX|M@
zscU;ESsW(&9I|jsS$)DNzevMl2`sx#Zo*7c9~yz`t&S<R!Jf>qAF%rgmt-iUA^C43
zdr3(_uCXuf6IxMN9z!+)waPWX1k<@$p{|@b{osH0O23P}*wJ^d4bYstV)nm!mA!^@
ztI!XOH+&bH1k4<8y<L=LvMu7PSDfWZZ`y-pWRCg%vw*ZhOUn7;2=mW+ndq1n*>VAP
zO+A&4bm{e=((19?T5(ismfX}@At_P4TF3%5>&3G2EfWjRLi<W*j&kv@-mku}Xxm(s
z&2Cd;CyhXrLnpqkxzbk-ptKNv*)c3vsMPzl#_)BmMQyWVh$Fvg7;)r(j*)C<#mkxO
zN(_6epKY#s0J+Adpn6;Ir7aOJ&zE@0?0+g;o5YD)B-aW9YKZ?iI5_U-?0^0J!x#JC
zvpf*qBL)|dk5K@zJ&=Z$>R3py*N7A^aGWi}<iReZ)7Ie7L#HH8lwqgS*+Lf*z>T(o
zyk{cPeC%@x@5^9$qb*g`hz+D^5~WZm4LuS=W*vp1^yg9;Se0b%bvhqDd>CUk>&!?n
z*U**FN7VI)dwVgN`YeeT&Y+jML`c-+zA;-SkP{+rj2uUpog94-&710U-i0nv=n!vL
z8K-d8CIm&QoC2_Z0G8|@LFe@L{N(N&y&s+5f>=jCU);S#Hz%Xf&+l%}&?^w_Qni2e
zpGX!zJGndg{$zA6s=WL8TGswgfzeiOJk)5IZy}mrni#c{v!>lcIwo!s$U91$N!hO3
zk`mSrm2zRvqfcQ#vA6d)=nV$FzE!N}#-2z_WDnI}I|!NO(BDbI66`)$wV{}kjRh+C
zm>)0sT3+phBvOKAr)ty~2_{Im!=uv^^dIN~eB!|rJxL+PH&r7D$P;%)QP;Y}P2bn1
zFBG#bXfw2m{Pk}ZfvlU~<SC?Z&@VzOI`OOPc=(qQd?~$fuDZo6oS>w=`NE7FaIw1I
z&2Z3A2>9&uL~BE)TYd=)!Rg|2Ole}e>iLg2AwLr7@sEQkjs0XcAENWqv(bsrXZ?SY
zA=*DW*5M9XfvO@C(ihCxB<Ancopv^f+LN$ywB`%P#Tf=wlyl|9OI1|qqF+&Asya#t
zK!U2y893?-QLZzXpbu{37<u0ywjX`)axZlPUK)6oe6S|0@Oz6g+c_7Q;$I04*{zjS
z_iC%#c!~b~IZG)L(kGFK7djcIp}da4%<b}`<>sEY`ky^?%eB!I|9yOrKmQ#Z9lpeW
zKFcGwr7;c2P^BBWS7B(S!3@glU%zuQ9jWJyd+gEeNmZf;&aGwc`BQDM93oS>>C}Z<
zRah`uN4(|4ZEbLyy+pZi;i_d2E;$F1rp^j;fZYC<JMc>3X?pKI&-k~U|K4Yu|3?Q0
zh53K<lK=Ht9&7$*5mMIVS3x!^2+9%@%Hdt|uA2E^uPcZG5l;2(%<<w$dHo!>3VrFJ
zZS|DR|Cae!Tes0L|Mw3L^Z6h4kNO8M^Zz-XE%ZI4Y&Nq$gELr5udvS6M%}j7a@y)_
zp*wLYPWC#>#j6Z5p}xM2#`eu~>c*W3jXPVpbiIls(r%JV;TX|4aV9i=!m-EH4T(%p
zjHXFv3r*4(^1Bt%xM2^hT=QXPOK;*#a578w-h!sFlZ9Kuj6~n{`vWdh2N2ydgb<h2
zJen$ff|faw8dMxf4Soxr9m?~e)U`u>Eb;A7pDLXx%1(u?FZts}`EhwCw6Dkq?Rk&i
zzO<D6dY{_$za*pnDs43B{|Ebr`SYKn<D-}L|2dwr_1|8js<eUaniTOnHLK97uC!to
z@-o{u`!vq~@=GL^YNKKP4-StC`hWlMMgM=6XI=dtZOe;4cD|yWz^YFD^(yL!5Gw^O
zipdnm9`8_ARcV=!$+n#;%MucQE@jrxtUr%lTk21`5xsU5$)6czx6rw`z6BVCj}bOm
znPpo&brBpSOlWZF`_i*@^UpH!zvLQ+R&6xM|AYP4gPi<7INE=a|IhL$`Cp;)<--4H
znp9|f#=RJsPY_GTAlE*lVFoTAl4}TSvco7VOlPaw4zmj$_v=|>I$PgHh~rBn;nxyL
zSZb^(Ka|y{FeFZfXpbcBo=^hVo_PWT$9H>4z<MtDqMOz3!7S6F>H}G<U>aQMeCJDM
zv8+DJwetyd98{oFy(z2JLD9dq=DDJp_@x)l-^jCq{--b6YTHKB`CrlhXaDuli~skt
zJni*A%n-J&Ny}Z0##M@ogeyoS^q9H;Es6<))CqJ_xRy&g2=8*xY(}3#<cFQD)eeAG
z-@?dqLxQ>_eC(C_ICO=1BvY)i{0+i$+U!<mOKTjjn7;Z)sjw=xsfR{F@yj$l4sPOy
z9`Y0AatY})gg*kH`PLx6R(i2{O`N!_ZG$((afO>I1&M~F*I7@~De*L^@GH@QV)DHs
z7jqp3mbr9Sd76|Z?j@lYQ9m?8WYv1E3oYH$u}ta9Sa7d0ZyHowQBQjo^{$PI^P<Hx
zYB3wPgFTP@Zxo)@_pP;Vqsjh%(9hd{_KycI{(sN%R3-2)aH=+}N?Q)Bg>YF$*;R+H
zn7lPnt$VQMsp`afjZ#L$eTflH5)y}~`(Ne-g?}=<V!IN?g$zm1Hy_GN<RTn${Uv|T
zq0a!4hq}|Ju8g!$mmCh!^vU$QZDnUhs);k7x%835l^0OtE=5#c6|KoA3?6whY7i@t
z5@2=>IBSwKa}rUc6c=R*j^YBNiaPcshC|d<J^@b2f7H`8rSg}aK;QVYocv$S1*A#-
zzkYp`_x~Qeev$vr^1R6Z7y17=<-h9wP$vM9<;7LBnUkSDu)Vt+$&Yzcy*eYw4u5p*
zBHabdpUJD3s2iTu`4mt}-tjDN!A+<L9mH^}g72a%6XTN!Pu{3a)Gg>a%47(+cw|It
zc14;k9QlrmVNV6=UUX2<YIExC-QA5i^D_9tNH4-3T}W4T51ZE^>SjaZBmwJoTFQU(
zhU8UbOoROI9~I7j`-cZF@qf?qR37f+&q%b1;o@e9u4!l=$XJt^HF16`bAp}P`JkgD
zrpm!8Oj0bHvIou$l}CbV=A7x(tq1j~xNAL4D06Wj!h=~tu(zvjpcaRWWBN#ti2$7T
zrJ*duVL>?q5R(`Dk4ZqEdYvuv;}Fgcze*>?#`(Xh(}(di>3_!udH>(R!Qt`C{C|$8
z!T$f^^wHkwWAiT0zX4x>CBuZ4_Z%o|pgeyhgr0u3lm3kctvsIvxUKwO`q0;Sn)m;C
z|L^{B|3&^k%hMqLzuiOMmy_NNob-OCAf9JG1^z~lW-HSVZ0gLmh5UzfdpO|y@R|1i
zgTZk@{vW;U|DWf1(f_{%{r|J;-M>N2_T_2wJc#RK2?Lj$-eNTgU;i}8|HH%Aw)`LL
zzka>{BLAP`$!_lRX)ng1J0o#Vsz-djMmSDFNTuY{o{N(tAU&bHMKS$5aTBzKXe9i(
za7>i4vnRiHxQaEUu`kq=lbZ|lMtTQorsE$TaqM#mp|0prSGFQ`y|8&fsYjR_`_SkR
zb>*?q?fK{~TOqpYQo>>GgSKpsDGdk?I|z0m_beSNgzo)`mV7exXV(I3lm*Ha(dSJF
z;i$1U*S4<wW_H5}PE;%3-6E2AbIPumAB;c-5~kuV5IGRa4)0jzd-2A&oj|<E-B(oX
z3twT3@hBaUiZOY6cXtE2L~(E`h6g!N$>^LKClfJo8Cnjp3@vpHW<5?faGsp;3H;95
zw_E?x)AX}F55{IOQv&u*`J0s${@l|f|BnVa`~TqRc>l%!|5={g6(v$!FNWw$s&#fo
z>-`RnBK>o4*gNX=JHq-yLRU(8p&*LfdO2-anJWax^<=JfFk8sKg{~~+s(j~YSdXgd
z{ocpk$Bs3_<ql-@KbL4*?M8Nx&-f;TMkGXxrm;&99rKmRiHX>g;6SUe=pm#}ycsSZ
zViNdx><50b&{^A&A0}iP`^ln*PEIe*IAT%Y<1pDpeu7vU@qGj1^@%?X(F0kqUG#VA
zhin)8hshJ$MM>;Wrz93R^I1Y;;&GAY5-*Jj>vd+7)33y`BgvuWYZ4P8j63Q>HiJ99
z%W0y3n1sfRk%a9*GIeXx`}3*s(}4oc{(k@C{=s1{3a6b1vUsAg2ZL-hmHp^AnwA|0
ziEr{4m6N*TDE*+r(H7efgJr(gERe=Q3kr19EioDuF~k6}uD03&HPA2v^7Qo7Gt%7B
zc)Hioyf_&2{?Hp7e3Oert^5zD`>=sFn*2Ww^7&r}M=$>0&-83sb{hh^-#hGh{*=Id
zdNaI#bUY;P(d+$V_sIKhG9ZVq4_)`z{ez4D(02#lk%@b7G&%If-r&e}@nqkd3=Y40
zeSG+b!`I#s_Kxwf+nJJ(#5mzQlkR?hf8QDOo&BS`!Qt?*Kiq%a+kbs<_=m&6@&5nm
zev{Mj*`JE}zjChUvZr?b4_+S}9OwLh2gif{%lv<qXKM@nw{l&26VNdZjQia>TU+Qx
z9@m95kq(jIDGH8|RJzbgk5g4`7x|$Zq!8I<%9mYjfE6cdsk{tmD%u5}>uhax#Bb?r
z{NDgqmg#|s^;TZnqYyrWyL%9PL+VZ+sNF%xsxd^}ZY9{8Gze4*4I8q8sk}wu#0kzu
zLxkfPi^jl)EdI*FlYQYT?R=q-`H?I#A5jZkvnKk>-^wuNY9pQ!xb;q9J2KzF7MBZS
zmXI((;;d+!?Wl%K0Fo@W5xAsLLj%HTGSk0rRDw_ahjP{Jsv=$K$PAYtZ7arM=tC)>
z4?FD;Q08d3VFwz;GLN@tC_B$AG^wh#Z7QnlW6K7kCHtl~CB?q!Pc_Y{GHsh9AAOei
z;Z*RQXp~NndTlsL^Jxp*mF>6On0O>id>pVMCN|^`JH2)Y>0Gp|2dty${v%mv>>kJh
z`QavztZD7TP7l2cg9V4_p{E%M(T7$<{J=M#j3mo<nDf%J^*7hp7wE3BMSQkim$$jG
z&WqR&<8tS`h?6qcK2+1MqGBn-i9)@yQ7}Ga{mcR^@@#Ds7bsMHE2oq$Qa8}bR|Bjf
z#s_o2R4P7*V=zaos<M`7<{@WB<~T7rZ7gXV-;Sy7oWdr@R(C`R(Vd5MOr)s`sbC>9
zhoIc*@LEPuXeR?=MjD}!NbZ$TI9Bm-5G*nsO6<9Mpj-4NX%L7I6f%zj5b&UJDYFSI
zJZ5Ci4oAZdYqIcA084P;pIYO=o5{n<H6=|vXOtsr5=@>(An}DmvWgCoeQi(%k$g;I
zEN?J7;rf<XnUWYwV;&s)i<5bz(*TJ;cE1uU@@x~XSwbc>aA#9p0g@S@LDe$40d%;8
z^D%VddE%TvI2Z(hxNZ{a5f8;g8lIq2Mn$-5FAwu1v$+Cb!v@<H`bqBM@hu%b<@tCT
zQkM9xa2}Jq!V;X2Ng6Pca41=+E9wzj)waK>6P7CY+i<UDOvglS3dXz)6LoOtsZg>x
z|63K1%;u3$>!XE~qm>9LV5jomgl5dkk;$xkWu2GJNgzXcgEb2XiRv1~@syzx{-2ea
z<JDDLemL<%KUvt)$Xvpz1e3Innq|eNClf^|CX>umGfT(nW>c5W_u>*G=U#%RY|r3P
zfY{Spo<duCgH^1eY(-_2)VD&l1W$|Q`O9s8K2H;1I*ub8FULfL;CRH_DL@j&rXn!;
zUXIQaUMO=E#=TyzC%3q2hwHP9^1H~N@Kt@cWWSr>X#s;M4T2jQ_-+Xa_%{^6$I^Og
z>p2p^ie@e8Dp>3=8K={%!UTyI^14KME#jCUIq41mB()vZ*WTuAeI>?l>BA(>d>oIA
zeH=Q2ffFAbbr4d9KDEDANa1WpD+nV#pNYd-m`$%vf+xISuXqQt(f1j8#icY$UhN_h
zFz5voznEOp<OW=flUD+q#q<w)#p(HU&!aBegVdSR)c439w7~YZqL?_GxPCZw#5*-t
zvq2mpvn|ooyGR@w1q&5cs;vNgRm$(*r9mK{nsbiB6kw<vosu~-U)FXVOE7z2d)lnx
zL{zvugFxEjJrSLA<h`km8u~o}|6F)}$^{@=#bOba87oF&tdck-d{`GWMNhzuf&T#8
zRz`?i!ToST<GFCjqah0DRF4F(vsw|hw$O<k4{RH%EK;q0=(8nLvpUI)IB?6V(#0Jb
zIuk!;i4&(qQM*QqDn+$}9i`+yYg;foat(IW-X)VcV%G!9v^rjW&q$0;81ttg!r479
z@;2^L<4+I0OJ*c~@)_AhF`09rs~t9lb}$Yo+%hf<EWWro+tw3I1hN!UHmWOHr+VmO
z8p4^ZKPk6h2o;m>N<U<GU@Gel7hF0?ubLv|d%qmMt&Ld<Y;NC}@BVTItL3^~+uPb+
zE@jrzg23MU=0F-7)b|z*WsJY^-D0JZdP8`5uS-?6Q_WNP#+IV1QMsO@N>C}M&8EzH
zy(&xXZr;2p@-Tm>qSyyL&3#E1UOe()#-|aQ#B?rZy+BPQk(OxA{pl=0IABz%-6Gos
z5HIj>WKwN{F3(PGIQ8V-q9@Aq#(wDCM{V%QBcrdvc4e{$A(G0>Fu8H~oYu^u$*RFX
zRgK%G4UZc{?K2q(SHQ4SG_VzoYlW4eQ)*|kzE)Y<%EUtH`k`w5;0J`EE67}68brbV
zF@cXV@c}2D2;#sYBH^PS(-86?C~r$+v9X{VYMDYJc4vM<+$4>ONo?!=_J=H>=mVm$
zCG$RjNyaQcL|Jj()U6?1t!NJZ(Gs)<5EwnPUEYe(tgYr4A9`#Ny0e&uG-aoBKKBz)
zY>l_DSN9Vzh4j!#5YQ*$$qm>LeV`$ik3!42hpYLG-%qih5dIs?UGnaII+=W^L?=w=
zqpWR73x=-K`Iy9fBxChTWUk?Y4bs|}7@GjmHBHD6oq`35%fKltyL=_XAx9K@s+FFZ
z4&y`F_N2r|3ic>&8pk9|_GGR%M~s{EgoEBJnFm{M-k&<7KVP4|y?uB6?)}I)eRp+r
zai?cmeh9K4!g6v9QNNOad<f*<AUBjn(s(aY>7e(FOj2<b680W(=z<+CE2S=Q&;}kG
z@(|4z_r^QR257|JR2ju}AuwnQyPsKYXdl<2qr-!Ju|x9wBtveiG_ZErJp<-I{m?Xb
zz^h(Br*CDHE4rjpm9|MmzOu3kry?PsHh#)F0i8NN_-V$OC6q7i0iA-xDuV^dw<^KW
zG-1mCjHW<6-VqMTuE}d<!EUlB-@%fQ+2flBc8U|sYXgDg-vW{>Q>ZKYaOH<rgfTqj
zl3e@&SOnye1h9pk;h1FRZqQjvh;-?P<OYJv(49I=;A{=B{E)~vG_)-p=(+gh(twd<
zrwrbmKPUgBAwl{NrTTJ+e1@|G&m$%_k)97}fecQ`EW9>1SnutTH7=>rWK}*3c{-cd
zmFLJfL?n)BELzCOA|V-FQwJKLKNgl5Nf1yabH;I~AiaQj(X;cL+w;?tyYn+qJdFc%
zAq6vE1s;Xv2ct>K7ph$p2~#9jSzgH+{wuXs=No4vek3uvxIx(SR1Bq=+)SVYrF!|w
zaNKqSxx?i05$5Z_K1_@PN@xLqU>oC1D+XU5HP2vs3D|&IHKFlbO`o%CxKzati(N`5
zHc%X`1T#-~zIi;mUXu2_k{4R!FTnLfZ+W<W=(T{Ww<s%skDe;IM)V5ZQkp2Dk*PYl
zurDJ5a{C3Q7x?qapgamj;V=2WoPWwHL{G)Na#h_tH3VAsI7#9qX(4K!BuVU#(}dL0
zT(&at1FjOR(#{W1wPwCr$e`@6gvzvkc*^&*NsigA(J6;2nwEQIF^J-g+yKFR@u=7t
z@$dfuM7J|67C^f*GAGKI3!7*5K|$n$H7cWHA~qWGCM%yIk3=zXaYDTR@BjUO3ZzQ{
zro?C^<%}|DM6_i&p>k^vNh3+<#*0Yyqr>Z!L>?n4+qBDDtTybCxflpJB!7q*qkaJM
z8$Y5aRmUD)>#Z0b^$N%;e-zUi6%RnwN+5*u``b$~WkZp`4tRr$LNP*rVSgL$?QtFK
zFGJqFzwHV9KlISWL>rQJ^)WMrd+7mkW>C)?MWnueyNtfidCLLRxtb3_9e&PLAgg|c
z6MW`dn{)`c@%$J~XyAcv(<zi6qOv1RUbD275m%YKo0tR?dzbz=#<5Qr60bQ2@b@Ut
zAGYC`*kObNN(leNKr8Ar!5pG)GzIks`a4Q+Y@JL-)Z1n|I!8g^&wb?rz;_q3IhvC>
zjTf+Pf4@-Cjq<<__KI44_s}-jtSDptI9SLL&9)G7<HdGFGw8#fM;`asYz}kz!|~zO
zhq@yM(WE1&ve0zi^BGGC+dCW_*VWFjH2;)!4~~xxIW^gAE*w<tt+;-j*R#kxN*0`5
z9^o@AD5_I=TaTc0!Ofs>W{@?;{C|>5U+wn6-j_)ljQD3sNvSjOR+D)&5xYUTsfG`{
zs8q(F0CM^EnQ1w%N%D%x0T+<9L$M@?Mrnu!Z+yKs&fbb?1-Wx``f5i?n5?I!G&Pd$
zCNZ8&d{^tQ&5juy5Ka^NMnz>H^%rEnoMXPQz)2|yCJytbA@Kx`X4)aOgEj$GwZ?@s
ziANy9PyJ}dMb*zU0t|0>lnWXEiiyUc91>LtTm%?nQDcV10E(@`tLzB4*h~q>K#Cuu
zCpjBCF0n?=aAI4o%P3KVS+FUqrho7Q0xH63RtI*sp>aZM7OaHyBUzLJdmxKafJXUB
zn5QQh$dhUm?RCkRy08ctDhlxF-e`0w2aKWd0`kBRLFHsd=5~^-CCpTR=pBnCYfh3G
z^_W_<bdR&%ly^7|bZ_||YMjO0!)E7i$s?6!q)VS=E=d`HqO+nwm7Ca~<9Lzt4~oQF
zd#1~my~2^0{E!{FZIh{bxr@Y|I=d(!*yI29dOa;bWyqx{TH2VMWv2vj@Cz*D;^E3h
z_;=z;KfP1<eubkIER7-|aL(XpkEhvsVK`M!qUqZ)K5gnwd9rd_46ob=;K*p|%*Gh{
zk@W&rhb`&2Q9yKvesz=!2iTWE-vga5P9@JF1g1Lu1<JvjVww3uv&wwIU~4k?!+vjY
z{9Ui#>+kI!qPcgZ#b*gR6(m*?Qk0(Ks8oDvW)SACvOy@4`}*D8`4D|5WlL#ouO8^a
zv0(nNPa|B@wFDg1Yz8`)ZyP&-wuS9O#7e=Op|REjt)e?6{I!m~HwfsHqm0N-LY*;j
zxOPiCXA;x711CrhsF@C5L%~-@V&-IkIF1?FN{G?O73Ws1)wx5p-hxd^5pCp#0-{;h
zE<!)?#*Ok|9gih_y@BIHV-Aj|>6|Z+I;;%d=fk>GpT$?<<7)aX3e1I@mI*QoaEPa@
zBoH76H$(Mj9B{2Ya}JcA9|6r>@nB$)#5iPFtbzfZn$70{H=`obMKE;c13=CjbfP*c
zKPm_cOV28+Acz$!PD6wf1fEl9OlhJjOVwQ{@1lzSjnI5?&)d8gUwUjdM89TV`M>|y
z-q;WK*vxuM+!;mPGm04HN{Sy&dtECQLN<hc`P7OG*~H0Bp_ZK#Q|GQ25Bj0Jy$>bG
z>Xus%o>a5tKW*?u+g#y*n@bG!n~{+DiT_AU7sQ>CzPUI=Pc(i&IH2LQvU6~n-9YFv
z3gn`9D!UJhu42mEB+<TOe53l2xL{O-oQ)-%tvwN1OkHKNt!USD`D@p1(K}2@T7snR
zqvAl|!V@9Dvjd4SQ9kyeH`X8c;wY>hGK9pqsYvW1_?m{qCG{#(uX&ye1{ARe$(5S<
z(;32#*bihj7zz8&G!>vjB9>_Fg<GQkXeU@KE|izX1h6ek2nN>(;AEkzm0_rym`WE+
zNe;cOH}=G`scPDSt=6I@tgjY5;be&>wQbAaZ@Id7HzNrC$ea>{%dTuwS}m<M+5m?G
zt2=oK|I)xA>>1!ym|PJuI-zHW(RQ7(7vuBr@h2QJ8KVT_DHhK%#~P*+kkT@hC8VCT
z2pDD{vlYWbTkOexc=xWO*9ve!8KUkO$6Z4Q%WCK2%F8-(dR257%vK6xf2(`Rd&lw?
zxMG)b$edoaqHC28qkO+Pd@77C*-k<P9_d&*Ln)UgS5;&?6@Dae{31^MrOG2>4tDbK
zNL9lEx>-$w@V#|wLT^(|Wdc~n)X98~6=ciQ(pM<(A4y0U+eI<Kp3nc3S*>uKq>&5^
z+e9ow_FlE==q4T6oFkgs+cJO{2;@kr;N0*cd4s6+5mjvbH6dES=PRO*gEJD~#fZ2x
z^cZXnd>kN;zeG&F1?LR2ZVTuUiGAuRxHs@?Er5wXCp1kI#5?hGEszuJ2Wd?1W-(zi
z8hGdj@d73K%_?A73ef`@*pYbA2o`REHeObxQ7##|Av)-brNN~85Dmmzn|MPc?jy<f
ze~6BS8kp<A5DiMZt=YYlVePN0acr)I<yh9P+y;Il(=HFP1=}tUv?b#%54a`kmH>tj
z0Q2oq%zO0gyekECDd(EsR^wX>`f^-rR&9pe$g#_TYr(C{0c^>s%K>f4r3Iiu+t%+Y
zRqplW>!5;12S-aWsnC@!t(E^&8mO$7aEzB_su02YLL(CwBMOzS2u@mNs+zvFWw>lR
zC)t;2+y>at`pBGzvTbW_F4M9Jtg_v}pAdK92IMWJ53J1iR}cWOX%c74Bxf%llL?Ip
z->KpW-?B>Fv$fuAEW@d!HI;Bdoh=HT77pfH>as?_u}kMs3X!)mi^E>U(jY(gL_4s{
z)h}h^tw>b0wk!CmQ$6W$AR2;q#8X}f8*Rvq(p)S2P5UNbwbQ9xA$d5ELmN6(ODge;
z=)@51A01!$>cZhD<uCekHS8YWIHs|mEcgy6As>@X>{FP839rb<q<pj^5Nc3Rwp~~i
z6>hGHTQismgUj@h`0vG;CUZoMc+`BgD)m7^<C3>O(7Q!B6~7$$bomA%W@4iiIV-`&
zX?P-no#8(QRdp5PWVsYZ6@@iulg2r`W|So-fsYxn&S#XpE217#C%I5a0I3-RmxeBh
z61FF^Cov}^$rFtq{BXL5J<lOw68i+s{`mNi#C3QB%z5&Y8T{$Uw)RxV4J0eA7`)82
zXvs`l0k}&HjI<SMFpCadXxj*zk-&FML}VjnZbT+77dNK`Jovkf;BawsTGzfzCv=4)
zL?>o)Ay2!z8;N9UTMM#WL#4JOGvAQ$cfL;sJ845vF3(Vf5V~yc3ovP2Cp4J4hD`Kj
zYx(R+%Qcx#q*T@JMC9y&R3J$O)ex4Y#07|n9r~?DLl)98rNyv8Mkk3lPMYD^`_N9V
zW^>w|5if<rCgf3^UG8DX(ExKfq#oJZ^23D0@LS>I;Lvk$nE3jQNhYiR)ebY9po!m-
zT4r0nL6Q{+F+?28O0AQ(l4qgM(GULL0>b=d4%>>8!D30c?xt*%%X$PCt88$X^}(XJ
zu%+@qvjpu2vZ%xwWEeO<>e!4{D67`bMJ{0Y8}5AU+T%v{iG%+McUM|R_z$I-6>B;n
zlRee<Ll#n9X-WRFzQ~ct+!7olx-uxf+BZ9<hOp{<Lve}fUft@11W(U(Ql{1u#M&_y
zr$)oXmY&^}>%wlmAl#Lw%vEDq$V36>IDYa9hC?sOvQFi4#Q~2<K-`4JaNm<!kT*$D
zV}lFwgh7LxsHQ|wXjI~w&_GAo-Wh*C!{Bo*J%NGFkkH5*cvZ4&LL(Z`>0%Vc1be46
zWJ%0n@}7t<NPI%(H{LT?{d6x76Q!{5I}rB_tHAU*4X4Vo<#>=Mll9Pfc}7ct=51Sg
za1A-2*kgN~uKYia>XRdI;=3?~`QBFXoim}ZBC?Eb6*Q@&Vifxnwn+hI432hh<QpUs
znHw2A2zF<Us&@fkrM4nhOA<q~?-^W2ii3p2Ax;R=pT+H<sLK)>KXjMM%m#Tud~qwU
zycsXs`OecI@uPq^x}|J4W#LxYgM`F$KLkE~6JwX$SoUdcr!LpOLPErSsR{}~Qw{|3
z!7e$qimbG^WgzF!iOnW;cvto|jXa!?Q4-^XOcw>ML+MfGu8GOQNZ!cT2sEaU67W5|
zZGtWfBLO34jx^l!SEXfk(=J@sq}tuv5)C@CcYfx@VE1NdC`Pwt$Asm<d{Zf*!6iTh
zMqP>6rIHMY!fzn(g~Jc_JYU|d^=MXXWAHOWwel_3`>e>@uvb8@7PDOVn9))tI?VTo
z3w}VJXSOEan;B!}PPM*W^aGcDR;EVPM8OFN?kE;1AG7!xIAww4pT_sxryC>drAWw`
z70^kwl_RQdj(@S+LB%VE2m1$yTCOR?tBA*So70RyITG@(%hOM0xl}l8Z6Ujr0u?>#
zXcyZ83CAg0jOoYhedfFK%A>D#(JNi|)!$T`xdv-F`G$I<h`809tO_j0wz5|3$%jhD
zUi4P)<WjAdu)WOJ4syBVI#Ycqs<mOWuPCjC+BSu}?H_I=gD<4ZQI5V`Ll)QeffH*)
z8L^#!-5I4!Ca52i<cW|F{ntUi-|ssI`>&5*|EU4>P~N#}p|6|G>ADJ5`#pb&30J<`
z+u}5ay-l7p8mBVyRPH}jk6blqXar$OD0=~W4w)2YMz9wU#?%0@GVgd@bqEzrB#lpv
zC@pE^l+~<YhJq=uuD!sxH}~QOuF*wfb$9*6jYu4wF+QXqGw<5{pu-G^NcUh}es5Jx
zDBL?4a{)+0(9Jf;A__D__&DS2Dqu|*yQ?k6f_xMp??gng%!sYdWJI`}JYl`K5q6>Y
zQHdJWwHC@X9P2wqnypO9hCF7DLd5PHB!326Wtv}sk|R)Z{K)KlX<xM1T7pSN0R0w+
zQv%CcOc*0FQyY$n@K9Hqel`9+%U{skbhOh<8omE;1Dbk{^m>n-i64_E90Yq?F=0vU
zyNM&g@LeA7iXxy>GJCeRP*rdBRCmyz-xL4e-`hW|;xVhPSScI0jW2FofS<$im=os8
zAH1Cu$e^`oni0l)8fu%>Nc^^qSjJK)>+M2F$(W!nmv~(+GrOn2gBLe?Ze2`_mvD6&
zBW?=uDsl>G?}Y5$g;>PTs`De*PE&8Q0^`w-lN1MzA2BeW$Pb*6KKjH8_Q=u4lJG5Q
zDx8z~gwblW3{2GOPp*azyD9@@ST0>j+@Tp`m3J*V==W<nBw^NRRFS%atxBsh3RG!U
zMv?ppcS(zoH^ppLc!J;jbZYT=;Uv1DT^08lV1Hg3hI#YTsWjHu^U0`Jvv!zm&G~lk
z1}8J{8i}yXa3_;}C~k*R#6viXM+5V0r4xMqN(PHnb(^IrWm+K3(y>OFrDHJ{sR$Z0
zuurIH3MEtlmANMU5P9U$j1>`nM_ik_`3bmPS&Z@um2`6(3;bKr*t$TF51qU{5E<78
zR`8bSi6N&vGVw#=?OK-#3d7ZZnXmq2)RDJ2be(QlwQhG8J<WV~rtXqq$XoC+aYd9C
zpM+v>rr@Qa!~$&_j%hnww#uf$GzfN4NDIxu?h5%VlLKI^2en_Nms5^zx^)uw5Zazb
z`-sc?pGUhgQ*F!#EQ9ps$MaqO8T~KxE+XM5!R~{7e^v1w#-^bYtMV1~h#0vO;f~2)
z<j2h#Dxu|Om6hu6pj(2ypJP8E??ShYFo3)^Cez%CrKq`iUUP`Pd*iq1XN^h^3%V`Q
z+Uf6R1M*ztGCLkA0c$x|G!jOgyXXU$EVY{{D)Sd}a;Ei}I3$CN<yBW!>9tKBtYn-9
ztw;|Fb49~ZG(__S*9GmB%sQHB>KLE+LN8OUp?vs390;}9gq;-z=v9eK;M9X}XjBxR
znSgAY=F@WLGdjy@T}&WtrY+9rb~X|km)sM8y)1>Yl^R93WJ7Wk7T`xxmJ@|nuWrpu
zpKN4ot|N!x{Fv3vJ1<*}v`;xvZ0sfbM4ptJ3Fyoy{oEm)mHpXJTxVI&nj<?avD#F4
zXA86{0z56$o-@kRYWOP%^~^~4tp|HrlwCREvy2{Xo7q(0XH64pM1R&mT`L5%2JYH%
zpf#|6^TD7wonqyP(B(M#a|MRhHL^~0XdT@3LPYBzuOBB`2mQAnENb<B#fZ`6`1*4M
zj#f9Ydh}>D%ymLYtD&wNM_LW}Hy=!D>yXbMQCiaebBC3dpzwULr8(uGDZsQuUVPRN
zQ*+<_d_ktUb!Ej!(`9vrbpuY<Zm)IRX=O{loyb#*R%?czHo^K$$Drnn1RD)RZ3p`c
zMWb5CRfMEw6Y1*@N-gwfGm)uf)My)<T0rSb1gP38=#o*YwY{&1Q?;#M?fkfGM$^Ww
znrP0v&}tpCTHB@SsMUOXD}=5#wOkjxT4=s9CetG2zitd`alGmRS#v~t31uxYy?@2Q
ztoA`*b3|)>$DTW;wF&!NU~3NfuPd~*sV~L&*3#~Ly%DbV>edwInp2=&0$oc2T?;JJ
zCfapP!mb(bYN6aR==Jlk!pdQ<xh}lKzOEkoYO5M61;Ey;hK(Vxwt@DWjf1s$a@k;5
zTZj8*!eOmWH^jtdU2GQ>TL-%`G`75v-*Rwl(TC-;MaY(zCYOqltwMEUfwI;tY8xtR
z%b#`PWlNj?mx!3PXt-|JY&jXf{=nHHd#@8cTg%IJ@w0{qTp@zio(&rfqb&vf4aL%y
z;{WXj)RuPZD~PHs#cOGk?9#!trOm!X*ftR8UpCCPkzHP5Z8sEaTg7+F2He)lhT4$Z
zQVd?=Zr6{yZ9~{^HTc%h<JJhjwaqlGVsNvD*N?)jZvHcc;#M~J)yLyjV*V8e<yPao
zRAg?B<6dHOpD#AIas;0@K)0HaHXfy0-Q!J$>Q=V0Uc7EKoqh{JyOq7$SmdtsTaw!h
z!-C68op_$|lZto&u8?ePbwaa_9gAyy$}g$P<x0a+hM2s^cNM%j;aW9of-3~LD2ukE
z80=3ZRrar1&>@}^7GXC#e*6m^|DCwW-_R8e{e;GxYji0+c#=bVd{JWhxKgd65b@0S
zqaFzpb>nV^*sBa+uLX|aWm$t=1Q7@;<8`C)f-}mV8YbC%rI&urSW%#)F&6-hA)0HP
zEu%}JqA@Yd77RMHg>6>RI_5>l^$&(_(|{P4tHVopm)9ZfVKGapD{aN%@GcA%Kg4vN
zXINPS#c3d&<mdRICf_$`0%8gAdHqRD=LiDp6W>h(93vY0Q$Osji)Rh@Ustfaz~5(j
z`<+mUYE^zF-ld+n#aTe8;6|VSnq~WXjodcdS-YpDbLfV8?2C0z7^m0nm<;CNC9;mm
zHNp~<rQZ2gC#;E6)|gUdN`!$uS?dIXJ#A$V^%wa^wM-~!s2~^YCdBaNTPR8fSx-e^
z8*`RbwQLaIYT1D)YrR7HfTfxy>M1A`x$nAbL?7+&$Hb<nThwrtsdlU_$-u=Ti`@Sl
z!mI}0&nnS!U3*5MR@39nOSTPkb7|pL)4}y5T)s1=kgIO=MbhP3KK;riUFDX<;4zPc
zi&GkgVk^Y%=(#+vP|}U$g_}o0zQ3SpGNoXs5C<Fl1@k>3!ga(k!7d^nT@s0X`Puad
zZNo9<(ZNogif^K~1fO#Z^=_)5x1uu=f~Se<sj%vczRKC`GZfMUxpW@k1mrR##(}M}
zB#O$NB&JLy@p4-N!^|xCi{#lWf6AF>Ey-93wRY1rOjXZP%?y=iCu_$n%>*|jp8H_B
zX8CRNMb0rJ`#j{Ig=NO5KSZZ998LxM&?iU-6MAS0fp*fS8D(|~QGc852=it{{V?Ib
z5{h1Bp<Xh;?iHe;@G#`!j_=-!&0G9f_*`7_&EAQ5;m*XV+%g?#vHLIL0w(2NOr}0d
z;zf?qvb+-+Ljx6%s?ZX8M41l;<@WGZl~yezc-k5?FT3r}=V=1ePw<q%X=hAaI-f%V
ztesYkdj6EKq;<QpxIFcH!VAP^c>m~lh;gsi>!F)~U`Dvm;C$;FT)ry~@snMl9H{tj
zfRo^9D`X?>hSeHjUPa2o)=h|%QEa(3n5d);1>grI^#{RbL*!BSfy6zZ%J+&rhDaTI
z$bTI+BY`;iNbq!s1_Q?<V;_gkVBo}uB0Yf^3vH~93?H?N$u&*D0YB6yG$l?_I7ArI
zozY3==O%lvwK7GGdCC$v`@vxfP=rT-r<lPqR<$|{tq;xR{gKXkQS3ir2zeKj+*2)_
zXMTS|^U3hH7K!=dR#yFyEJT58Y}>)js@n4`#{th7$6sX7LNI?be`<tH99uM?`?o|B
zs?L(Z^oG67Z0c1-xVJcG1dVD&pF*{cfQ@@X1CPX9Y4K<XCw<Lv)dDIXMy}{^P-7C%
zrxNP4g;h!36@t9&RkdBDw-MLfw{?_v$&AG4##T#|uOW6_I2O$v7>T3hUT1@O-jp+g
zY;ljPAM)LacxCGz_P3r8JKFb&|Kgpa6V;WI@}3w82?U5T-6Gc(<PE)(!cFm7t{Fuk
zbpp!yh>-+%O5*A>IP~8|SOD@Fnv#&jAU;!lxXG7p8Vch?Z;}Q96t<#XbOzE~pg<09
z$Z5j=vT?nm4<r;(i45|d$fNKA?L<KuO1BTIzf$bW><q%mMjq_~J^4BhQB101KFfpf
zC{QUR!a9&Lf`0stp_7{n9S~O20qsFi-F@?jvar*@C5M)FGgUF>yu;9YhGH6s1KwOs
z<CJcUUB#@T7P{q?IA8ETzV}0q6KI=@LO)h<{i7RB626TS32w*O9oDiev;*5FwGF)e
z{^V3_q&O%YjhiJRjnytnE{{0!VOx-QV^>Tj1hyg0jWRm81%5x0c$_aWRS2jTfzLFF
z1uA^O&8JHdx=b6vqkXD`o(B<LI<bd*XADflA~h~Q&j`pwzEp@e!e?AomfLUi^U3Y?
z#r2zE@f$2QB#McvR3XC^?QziCA0V)-fdZU{_!0Yo+%LiBBmJ2VcEqCMSX(0eN}gYu
zLfklk%Q~4q6oo`e2ph+X;K3Is*|Jiz<x<dc8!anqyoP%&;nwZ4@&NVTswK$Mjg<|Q
zZ;@I-TY4{Lw<EVic@L*&+A7(&7#pNkU9Z|56``tKfX+~|>79>q_;L)kl)ImPZ!qXt
zJD~mjmmSda?0|9%A(l`jh0eg$%ZxsfOROwjvL`aKg+IkKB`hR?9{YPW_FEieICVnu
z<VaY~qmLcz2wFj6@Qz^@ys~5<LecbI877U@=pQNJEY}^KU!I@dA+P6Q2+%?&BN)70
zbb2y6M?b$kzvd8JoZx^?do#>5w0k}hen6&VTUXyjuTI}xU!R}ez1l%{xylA6_ssvN
zQEdmEUyjaEADv&HaSZs^`|*OW96#K?yQ%<!z?D6QEf3(%H7P$t+pm<O*nhQ)^p64m
zq3HW+$5_zkIg(|z(_trP4ow*Zb#*UKzCXY0=D&J`xv?L~JnLqbeT8$^ZX@exWlL{P
z-oH6-XldmCv(OT!1VGkl({2999|P!R(o6w=zHHw2n~FshF+!GReWP7Rw_6qJSejE_
zMd;nUxj+BkH}7um&TsF}E=DKcU!LEeo&Rw1{_^hr>iq8Z;&h}btTN7X)w&_&e0|5Q
zG~&;avTciz1cFZTUm(B&JNEv$AkkW;bz8gFZQISP0V6vP(X!2=a>GPB1g>d#OKGwh
z93-%I_KP-|>W~H3+z__Rdf(KKZ!!P98rYRn-`5kRMO&N7e_sxLjnwz$0N2WTUk-BZ
zg!koOzf7+C=Sv5!dL6Hx<$eX`jXzVW`wIB$WVx>Zxn6?%3ZU!fwyyyE+fQq+I=*5?
z`xSWjbELH|g}r)4`%-Z0B(pCCxNaW%QlMWXh5g_eQ`p=4`e)5vZ#VtiiR<mwpD$;9
zLHicTEmT}egD_CVvJ+XEo5I$sjpP(+myiB1`0jP9{o8XMa%T(0ih1g5C1yiYx_@@w
z_^jEL+FRk|d$d9x87;1?JTLWZq>aC=62Ig*r>^yN)0u20YF<T(I*`YSK821SIas8G
zFuPfo6(!%ZeENY?k%~;(;PP1lrgYaz3=mO|6CkE(=s7VR`#L1`Cz(N1r5{jqYD*Dg
zjwzb#nSE@N79ihO^I%lFmKL(WWc(yA&u~1Sxm-3vzZDCT&;uVt6DjjNRk<B&aJ*~G
zjd5g}p^8N!$ePvt<rmZwH0;$+g-@TP8PP!eT|{D>WQVshO0ISS$}$b}P?pj<pFH@@
zwR5XPEGQ4W&we=7l#|&5is+i8ERVFSM=Fa?%z_+p2jB$^x8*XY6N%jtac-qSSYgz<
ziRP)Lu!591k2pXV>JOaApmRl$ECs$`5U>1z#W1kCG$xeoWvt^+NyNQzK*xJ?3`twg
zsGH77n8?(*k>8tpTV<T9kZj*AfvM7K)xY8{8PPkC5>N^vibIc-XA${~-LjBu-!~aA
zYPeRYociGQD||vA_Jh$pXJv_0gwP-!8ZQiPH_@w%@2;Y`3S}`Sj~}uGhsBuOCQ|FW
zY-c!5O7F2P4#Jl4E-y<^i@@%RZp8#phFmPS;%{N*6e2i^0?6;p;9!8Mn~RiOu|ruj
zq>}tQ70rv+w+0ed=9?C%_~DeWJRJ&P+ha7NA&q5f0Cga3zSAe^`nV>WYGu>FsJoOv
z{W~2)t%8e~h=P*-QwffzB+0Un35O>vb`gK4W9btXnhTwYooXd>`clFDy8JD~qEMJu
zBK?La$nk2*S+I*3-4!W^#nIBPNS6ZD_+0i#L?8_c>M7w*W7Iq46Qllww_03niLH{-
zlmTgwCEAT3vN~6_?AoRB%P!87D5t=zys+k)ty@@g7<|r!HHXzwQaXp`Mx}HPFX5S%
zYtZHZfO3T&2x4Hu0Z(3;V_V$cuDsj8Z!(Qzu7(>KB9$(vrF<c72nU2Kl5f)~xy^2s
zzr<5B8i;(1;vtHr_r}HZ_W_>%BH{m$>!DHXhsgwW|D7pcg)Z9mLpMl0g1V(non6%1
z;hO0uw1*Ck`+f8$G%(wp@a17JH(v#1u}X|Qk{Hx`H}(_X#ew;~pl<7W)<L?_H{jY|
zenE}cqfehKk0*u#Je_jAb-dsJI9+}xM98O4U0!-d)7T95lpRRta~v;*b}VLw&+>rf
z>7eo|{I{1!Jr6XTDs?8CDtqEC3&;#V$GyKZ8m`eszu)g4A0EQL{eD09@1Xzs;Naf|
zhsOu|hlhjX!QsF42d@tf4*m`GH`ve0CuIqa|E<4vTlvm?BhN1#gu1^I<J=vhE?=;R
zdwYDu9Xa|mp6-c1x4OH$c(RBHFDtA8;$0N;RXp(t>kiQ`FyFd3c4vM<+$4>Oerwcc
zN$iJHs4w38NdO;=d2hkcB_}kVcf|>herJd;4x@O@4x|7JXh_6mJBCF0AQsP0yAtm-
znU&#d^w-AsBu!={Oq6`GwETLcOUMTAg~B1}0B#P}cLS+0r2)ZNGd5=Oc<HZQHMjrT
zMQ|4bU*luDQl5ZtNe84`VC;#;I=f{Bu$~AddGZ<AMKPJvgs3C|N^uwm)P0aX?cm*7
zM8Y7Fe*Gycp_{&uNL7&~$6Go6Qaw`o*edinGgLK<VjOyOjs|^)3sdaE1tvi>!(lon
zvF{>*5b|{_$a4MGUUMt;H=9q=7gK|)>!Injm#ZiD70TDuOJfzUG645xIKlG&siSZ*
z43_IQ9|h1ZHq-6KK`rSrud{l0Wz0MPfm9MR%#ax>M+>=fYlo<Der$AJ<VYa;{}s&&
zLx#WK5T}@mW@~l<0;#+va~#Te1O=#9*(>Y)%=bJJ<~o2-7nU&52epJ*0Abi+$+DMR
zqsXTw@@-C@u1d?##yMYr#vSutrB)b88QW+VRjL8=|G6TQ7xGt*IH*=+i%IB#4$@_T
z@8w5Qyu0!_T?b`f@W(E=X_kC@ANmQ0`^N7!&`+PBE~T5@szAD1UA;<W%-lo^$K9)G
zak_TJaOIG$g9YEj<>H0+^$buquFYd>6Z1;k)h_eM77JR8(69Oo+_2w2{H~&aVu>ri
zYZdsEn~-jlenDEC-n`!sA^KGX6d~q0IxHb{3=!OB+LUp(F_kiLent}P2dr6KNz>_C
z+ZUtZW%YwBOIH;JewdJHUZQCXAicH*@wG28h5Q2REHtZ(Toq07BMNyPvTL1c6@x;?
zBRfry%Hf`6IN}<_Z9cnE)9RwEw9ibiOq}S&M>|VM&zu%4Z}+If|M#h#m9xVBr_O=c
z-u1h?^HDGPn5=GNYOw$9AHE(G?SK0(_P^(NPT!u~-l6N0tMeiH<rjH?*Moh{r%xU6
z^{4aO(Z#!Kv%pV$?$MB!Ik~whD{&G<MxoB{f3ISj$8duLxJW(C{6J>H<8_eF(3o(o
z-Xl>!7sNxq|9z+P%P$UB^Oa|h=i_NeS>n4_)XPryK7H!kX+V6FJtic~0Qn)xDxx_g
z-aQEd8MA|C_>ssO;!Xn(92`{w4*s`>Ngql46#Gd+LdbkK>~xH)>;T)`Nl6j~(x5K&
z3$*R|Zlacis;;S)yE1gGi+;C*enp`ldYpQPyw3>Xc*-`~EC*QIX6KE(P)l7D37I{{
z3q(G`O*!EdNb-=5iJJsyN)l1Rak4W}&M5M5vzMKZe)@!*0O2U=+1_o+U*nJYYJkp3
zmWni@9$L^8Jz=p7cx0STE!0fR_{)}9B|iEuK1<NMAJE;~b9D3W>`%yX&>oEv?foH^
zElZG+Fo_qiD)rb5?T!6#Z;aWj)42!{jXhykQA(Pe3)+uY1(r#;vJ)~hfa16g2>m7T
zXeb@0VUHupxrzi#kl8d*iF0CM-X$J-^u;Am)-hoQ&+@{P2Zhq^HK9R3pZJ_VyB6`*
zOr-hcGs_RH8=+-aE80-kjoSy3y{aMYu}4?AsP+Qt;y_-ru?P2T7&$Pt1S0>?Q^r)#
zY$Y2=RfDFXlCF)az8BWQl!PD+;qTuG3m!y{4*yt+kT$Ub5~{CU?reuNLEB^=B?}YK
z&JNlRi3M82>+WPEN|RZyc#Z+6-BFMVFk?;IQ3eOaX(-2A=t1b_-RSPk?fK~b<m~F=
z`u^r*H2V47?b#oHw`~d<k$0lqq^@LEl?XwyszcG=84bB|{>SbwaG{32c+ye$f9j%N
z(HJvwe25%xr>2j;{9@7W)2F)5e(7#j_0EzEbzM~v5ysGdGrj-i7X*oF<Aq^Z&%ij@
zyX}?d%MSYVshqlU8sAYh!}(GH@=%|`#A#lN+N**h8ZXz<gG1iZh#V)LBgaXS1#*1;
zi@<91$5+?nk;JcBE}J4#N!1|0M@4^!gpYsh-n_}iyub!s^jEplaU7)_ISz{0KLX@9
zGs-F#pz_55Iqy*$7DbMSq+Bcmu1{(N&<YgnQpWtzE=t*`BPVLVl!~GLle}Q}Vgd?~
zk)A!%CxjC@*FSb4`Mz|dn&AZMDD|SdqEgf4TDDed@FVqw22J7^WIJ4iE7mVKFoCqu
z7iY+D+gIb%A`!x;PoI!SiAY8bmo#<jCkv<*CF!>fwW?$$v7ui7B~lD^ujOUG-2&p)
z?agXzq*%LtcXob%ag!5f;;Mso)5(@menRH#Fa5vuSb~$3^{~3=l)sZdK6Q5rDBQfe
zy~`o7O7kotu86DP?Wy~ZKXr8=&vKJd;AzbNZkYfu=lbs?L6PG?=YFSq_tj2pW8t(I
z%Di~C6;sK{o}f8ipoGt5j3(p>&HXS<j4(Cp&f|+4d62DB&h@kn>1Vj_41A)2o5a=@
zy|UKb$F|$0r{%`}l{HUB=eIvyoR&<L*6lC33OLH#1sV(gUkoP4ZNBUMh}8Tt@6A<L
zP@w(}47wb9Im~<)&|QI{vz{xSZoi@W)>vNOSl?2JDn{U4b|y4_!m-zm8`z_}w;V^b
zruwk``24S>*<rB%y4UaZdxNibY?sti45rBQM;VAm9QYnih~N$m#8Dg6oFe;#<IoSM
ztQXTD@WbgHo@QJnRM3^GRwRVySbu55?S`I4`~Urn1QCf@FNuN`+o-qy9~|@t$F}`{
zzrVjfc(MOK$MefCd%s7I{(K1OnkRlhxX}IMoRh_!ks<p1o|vM0zwhV(8YPIh)Lfu{
zq&N`QIN>M~aZ827TH>lWagfG3KNFP1X$TfioS@?aFxxXUCN54HL5$9cnKM_w^hw}}
zB&-lTudZA78QLC;>nNoOk!$Z<Io;`X0DC^|MFdoX>~}KzS8H3JF!ecRz{kJ0jP=Mb
zd(h2a1!*`@_@DlKlujo8N7QvP{6HW(M&r#Jd&iKu`M=j3-RznyNgMW+4RpE5RZ(G$
zfwS)1Z9jTtWH*zC{O~_#*M&s&ath_MB{Y&)9+u}Q)^297N4KXMEG5`1FbP(#SMAgi
zXC2y<FyOP0$>gimNmX$mumZVmNs`8)x-d8*aWVfi2VUDJX_6BiD99CYO}{E6PZQzS
zEu~3b<?2oYI>tfvTKwKw0ej^W(Xtm-s_M0SV?kTHS6LU(cKMYam6r<b)ONZ;SzWvP
zRZ8%>ggArr-{@j4uBMmi<3+M*5%Ai~sYYh*rhZ0dQM0%FC!A#4+*>~S4Mf>loho{1
z#pQ1IwZzB{@eCct#-L{uhqF0V$JAolR;koPtkb_@@k;HZmJnvtNeg0RJJ|Nb&`q=_
zhOS}}!)U5ls+3AaIF(d-lRsq>$5{2tlzG(Eo*-aR_rs~2kENP!7i}j|uq344?bH)2
zSKMjSa+`K40ku&0+K-H}J<!L4=z%PnG>JkW#*buS4Hu1<q;nl@%&kKsCkX!ekt|pR
zo(kNm4AR_y981+eDc>|haoXa!23Gktx@8Q}wd<KomFLu&`t2AJq8XQ9MJWGOGhrUX
z4YFSW^pcEMsJ}AHHDXfBG$kGi?KuXr$hBt}Ui=I23yqblMd_}}@M_xGLEGdX&BZJ)
zrn+$}15}(gy%y48DZbAU+C*^!te=N&@LOB%&x3H5!EhCPB>T3S6RSG%G;^15?^%ky
z+GrF?BaTxbI#ym!!nS6lzf*Vb)lE`SMoc7YhC)v_IZbV@2kcw-)!6V`*+}cPTl1W$
zm40jIgftQawbK17Yd7wR^2eLi5IzT?ENj)bLp00Ax(4Oc>Q-V?weoey%R;WOFm|^y
zlnMxQ998bJR7o{iPF0O|8=UIu?Y22~=D}r*wkrrKO^r%fRb|}<k1*-8W+X~%H3R@z
z)5RJDkm-hyvxiL$eEw@ReLKddW|1ASGBgg#4yqJ^!BYGD5)zS*31kJ`0M{x|r%QA1
zdA{aqTwDaxlA9IgpOdXi#sGpr<%Vn%17XRwn$cL70+mM$&o`mVskOw+F7QfWh8MZa
ztf9uIb_N$3S$igLfR+~5twT_Y-P%yKbPX;i>zZUj#!;V{GnM5oA{Tj5JE(<5C@){G
zlxgKRh-cGHA2}{_B3yP=c)2{wyt(8b-Bv(WVYH0HAV!*af{V;}uGTyR5Uim;y{g*s
zue!{((0Z2NVkmK*OV*@9>y{DQ9E3OS$*Q^j=W)*!*3B%nU{(QXxm@z<j;y@7MY70r
zcb6lPwOmBdayfQ+c5-7zsMXOm@Nm>i0)0PqQHOi*L+^s=)E=5ns^*ThbuWBvkmmVT
zKpYmE$iFc|kXK~N>^?z=M^>>1jnX{3%jQ(n$Vj$)<e!6nRm3i35yLT55)$HPqv^fR
zI5LZNZmPecf21@a(p|OdjX4T`Y~_rax0%_*M~nq7iIXZ=Nx)8tcE@Ebcp!_0vciz3
z++d|^w=*+6b0af+C3k_3y-WVZ2$@@-cJ-v-l>Ln4=>B530Ix%i%o*774Og*8Igb+a
zPIw^VUyw7ggPBbq)_Jto)8d|Z=x^xPUuBh&;&#y{XE{2L{D2@F1W0)hBR_=HWy}w!
z0YP)Z7@m?{kSQ)NIKh5Uzp~^#p7mswz!;y(;Hyyj1xJvSJ$qL=kL^Z4j9JU?6-j2)
zvlf8$TZvdy4UwxOG);_`-D2N)!M{^KMBTrJU8AU@UC1X{StsX!_1EyHlgsz#BlOeB
z<;B^_-Nn1>;a@|(-s&p9!uYfh+CRyj$<(q&zDKY`p^FKEr6G+2BvL;@7#zg1Baeo!
z5)=~g4$))=S1%<Aa1h+r>EUPzCaE63itQ2LrbI=-+-;Rg<6x&|N#%MfiFd@ZnjtvU
z-QPt<IanM2OjG1S3Ucr_9@AuoKB(d!0M8Fboeu~n*~LkTKbHYZGL=Xa(?{PU2%|Lg
z|B({(gcmX|yv(J;)elkSO58ayp&X>Tmf-2>$+S|^cq*@!63OHDaGJ~<z-N}sgZ261
zW^`jJNVnggoEqA>dYw?Z3<JQ_s@e;)NbPK_jc+{0uKZ9Ky{yhIGRgrJD=_v8UDJ`E
zu$dh};Mo(6A8H1p?uxI72EM!4i>Q}f=q=xE@j;@o|4%=hig!L??Y)g6%s15X&Hxe%
zANYDHtyj(xwV$uUI8Epq5|S8p^Cc>I)r!U2XL}rkYl1JR_OZ%o*yVWm6OlWFBQ9<Y
zVOfbME_gsM50O@@O=NkSKd73&wnXvYS(^jpIx0VqMSDu;kCit}><1IPWw0nG^p6tv
z)rkEgSv)VjPfwO%?32&Q+AeP3?DpiyllAmOQ+0Jp-Cnk&((Pp>iQG6SV6tMjN+2y^
z0OE}3#>68bS8Le@&X4Z`R&s=Ft~W&<v6dY*SaK#Yb!5EqiSb&zKB{+&Y{l>Y&K%(A
zrMw7pmcUHPoTx#PTOmK3ieWTpRv~d%wZyThU1v)C($Q!y&vQSG@t@>l5@Uz&IeQB{
zUnvB%KK`@c9~>X$<3Ep&j$h(GpW^{72a+8qsR09i26+>~D(E<6K^2X;1?>!iw!P;|
zclzbgPviWTcPfj`mO~)v#gdYsVgBzQzRu78{ny8@U*`XFJS94u9Pt|%@yt?W9PH&v
z08iYe0bxClgo{&s+QaVX`A2ZP3|iEcSM>A0L15s>ml<S-Wy#B29O1Da_=#VDn$?s?
z8xMZy4bin(s52)C_HcrS9dVH&G-7&K0BUV-?dw>#F;=A_=@=IymV|AKZ#|J8Jm#8Q
zG2Lsyaah!qmz>tbgqKKcRGJRf0%%BaRFZr)bG(J0rKp*gg^P@}#ubE{K-FxZ0bc`K
z77>?^eMG&Hx_uXVG{=cMyKEjNqntfb$D%DEGVd0Vx@6Kp=Tmv@ykM?j*?6upx#U<l
z_GSI*#Sk4G7>?LcOcUzTV2IwI-Lx%wcX}h6NT>;4GyN!kgR#XJOZ3tZ152`VDT}mg
zs6NHA)tTRx9@Dt~OUHmc?M|}%HlS(!?;rQ`>;HcL@MZmfj;HRxztXj~S6H7P2Xc+o
zzA26C>&mX1?H1eYsC*-fZZRjhOXm>{Ntg_kx8uv|yt&m`aZZI-m0NT^G_931oD9*g
z&id3YZ?AnfDmzf(^(J~Ty`PP->cQqZP|{xeUi`L}yqCv#TCe{(hx26=frj;ea5UJ@
zt^bGp{>%N(&+@ci|4UrOH=+luAItHg5c~@%1oV-_u@AT7Y<iI|k8G$#@ta>6Tg!jj
zZ+@v&ph^B87V>`{?H?Sy$p7bf%6!I3gAU3Arz!#yHnA?O8np05R)ZHIzd0elmbtHj
zc{3DxCI<Vz2^qf5(^~$^G<Ykh|BdqhV30rmJ2*aix&QH5o)Y=55+16Pzx;b)H@}h@
zIoB8T>gLrK8UL>%<2y*^c2uJe(gX%Fp?}8npn>a*q5YQ@-)lch%YXLhE_(vhbpCTt
z@c-IB8uVY}|8qP!$&r`+RnmPV(`x@#WP7bOM|R?CUj$6?UX5#ERoDo^ODqLVo&kyl
zRjwzzVT9}8FN3=BA4wJw86tg~Q3oMLASLw4WWskLi=i13n{Pc=wsbkq*Kt)_qO|^5
z+fc5OH3o*)h$E-*EJ-5AWPBw3Lu#53S-Iw!Vkqh*IG&Q^25RTPvdn2@1wWhRY_TtT
zLfO-L{kQx;m(u_m*8k(f{e%4eZ*cr_|If2L8}R?E+ArFr<b8R<^-408xVZgY7%YB>
z>0AN$8k|2Rw%@ki@^T9G?KzDuF{qM9EnTmT9jAWwHqY~d%V$G*gH}74r|Kl8^I=so
z<hBhP34zO8QLXI5jU%+0M`<;36+WedLsXK-xH>U(BT;QC6gcyl`fnn%TF)zdmrE4R
zTwa-+##z3-s9xdPuS_+QqXm$*^QHx;wWrid=zayWZ6&-v%S2pml)mg7T@u&NHGON-
zL4EF-+v-Bc%E`3Om^H2ZHeJP2s{+IXd!L)=D--;)hHos{{=aNgNBgJs{$Cn-<}~yZ
z8ZTu4XxRTB9_{D-e+~}zU(SD@<yqnUS8~FY<b;Z&0?8<TIPJMKCKUEvd-($d38Z{K
z-u}Y&!p>XeQ7qYkH*_cb+Kw11@C-J$cdu_@O>_Q>rC~iwLpyHxI~@Z>1Q_+J&RSny
z(;^r9Y!;4ooni&$c^yrnsgVk0A&0f4^0u7PB=jQchuINJRCX59o-TfvkoYkR`$b5-
zX*1x(+J%0#93D5u5xMi{gr-SW*?Qdup$a%FVignMLrABos~RuYoYE~?U4fC>bxpj!
zE$d+6)92}C5rfax*%=LKY%d!K886##Rw)b%p9(7m$S_bD)ZWTzw&#D7TZs1he}WS-
zNdrcfP6Sn}{}1{H`~8Cd&vE}H|I4#HzpRuhewoublW{7}=0>u}h$I`|3A~)at)#Xq
z>TYnGkpuZJ>D;7fuxY2JGPtWaGf8788=?Vh0AM-2ZZi$pquZMi>;-Ua-Yea3sj_M0
z;e?Em7$;;ZeV*)hVm{_vfh(%l$KQXxO-##qua;7YfFa)avzmzG&&q=9JJa0UT6nb-
zV9z7OzFY3(Mkhg_-iEO)LS7B!f_O7}u}W?h1;U*X_kpGJJuA4{Vz_N^dqKbJ-AP96
zeUBNr!O0ADE3*G|cYvYT4DTNuvvl5WG}ehRFZ8E8YJB;QRirgot%oICQL-X!lIhwk
zO?8~7<bF*jARp)r^+pkKH)Dw@g}lN>vUt&3r6eu86Rua$8}p{GIi8Z6GzdiM<kki)
z)x#NO$w}a2MyyS&ez}=gN3)d*GJe;7Kdw~?%Ox3vl;P04KGqt3OO*A^Nfs)avH4`E
z#ZOk@Tat)+Orw`9qKdgC!QI4!kp$p~g|UmevRJqBth{edI+&=5ziIpokn7_ZQjfGo
zkQZ*k&;%&Z>+yo93)d~QDE&Ydl6hFG@}g)}58JXm2VC^pFyC&5{jGL3H)|6bkT}2I
z7%w-2yxGboagS&~r;AY(6U=o0mc-Z(6RRf`MK;y1Dhw(D$XDoP6#F#xlf`L(8M~Hu
zdrCQx|700CTL5T`y>oD6Q5W_bdpfplXJTi9iEZ1qZOz1<uw&b{IhokD*<arGL)BNe
z?ycK@ov!M$&*`&I?Y;JIKkHdBkS_nRsYP2`s#+<wTf<}&8&@Wm+ifF;fb5E@ld+dN
zS8@2Ei|2i4xq?YQR71JFYy$1J)1I%w`uQ?J)P`k@i4rSy<j<-lfr@u}DueH@*0JF}
zIke(?GOsTUx7VR}vU}KA-#;`}=2fy!4IK9>ZKWUEdd(-Sn&co&;E+1<ML84<<zbx|
zF%VH@m1K&;0_cVrdx`}isF$r^;s@TQIs@|^#pSutv@l8o=VDxM$O>1kWo2>XOww37
z8vXTb{*BV%SN!#_+gSgE%xAo3|CKf|HX(v?c)LG`JgT~m#wdaILMm-8D8^)7)W+4W
zzsIj>&!pN{m4{j-Marzu)OAnL$n`iNz&X+77MbO9XETjC6NjQpN&6Ku_#L<<?fP`z
z+R6*Ku3u@eI)0kV6?Sh=(03ady-Y{Kqwi6VbZ%3waIY^-K6Qu{!WIXzh5qZWAP??Z
z<*;A2!$3?8X~N2)Fc*}OI{qE3fR;5C0Abh^46O{`r^rntf89c(7j3Bio88T@`<$af
zJ4gnmXPc4!?03K)yX09^T|iv34X+;U(k=(Tkt0fTLr6QfoMp@3Y`#JT(${UD(Vs#{
zJ6l}G8v7;i>m4!eqZ#J`G-?~Mo5!oFo5VgnHe7lTZQ==net4<*s;W*@=W?<OQtND;
z>cqGF19>kYM<Z=9!C8h^H&!|}k_<g*M6nSv-}mPomE$^4j%vcVLCcAG&-pD#-20Pl
z{E@$L@klJ<h01%(G`6+>nsw}5YXfwxMp{&ps)K4C>PAEf>Tu=Sm(K$0_l2l9zKMuD
zpQT|!!TAl|B$HC7qA#?4J&r1%H}17X*0UY8%LS}hHumyKdE3Ey!Agxmp+ExvW!<Xp
z(4n;b0T-UOWd0l3my>(5b~m;g;-pLcKZJCRn8PKG3+dh&?tfD{z{jfmYWwOB&hlPB
zF-}$BWcgd`>Br1zd%-`{{bumd&5cUn1Bc=8ypxySOMcypG#I8!;o$=tns!n(P3lyf
zQO34?gh<@%r#fdRW{zEeu`T`vr@wJFWKU*Iu#PbX!+g^NmCp;~gZ5#Y!|b1wv#9?=
z=_}H!tzEj8%cQDF;Tvwb>#UV%38BEP@3@b2G+|c1&F0vg<5Tk5f^!Nx1vVI|GX6b7
z$qY?6fSJBxzN}WLX1bi2?g;=<QD=kW{$foYB#p-|%^D==x`cv_b!F5kK*1&YGO!50
zS^vro!<FZ{lJIb_pOFN)cm>>DK3;ylek?s5wWN%GA2DiixB_~lUDZr~NfR=&Dpqvp
zGHvs_R8Ix*Hn=RPJ*cOiPd@W@pz>av2<0i;2e5d5CgH-P<F*@QH~T&g7%g&UNRIX2
zJ8yk~5z@N%&4=j44J*9Jx2M9)8_uAwG#mM(jQwu>sL*wp@5|C(Lv5_U+~2o8<lB;M
zw8aJ?d5OZjt&Q9bkfW2A{$_@K$~5_9>CCQpw$$z{W4!JdRReAro3DTEEo-UdpIdUR
z_1`~lY(jh(*)KuNtEjg}K@4;iCJvVo(eDRq<7OPU?$Wo>1DpK+Bt9EToIoDS;%nN+
zr+qV#Nvu%+^u6#dF{q4v!e2|CY0N0}Gvdl+$9+TihGX{$EoDyJ9{ng4I3Nww?YGQd
z)W^NW_LkeU5vFP30bMr*R_J9Nem?##UQXW59ygb-pQjsI4}-Iv(-7~Y-(z{q;a6fZ
zSuEQcb<!8BnNo3BN^kUsEf^d285qT78Mx~Fah_{BLX-0!?I!(0;LhN{NsSu3Oad>y
zOysAH@#d3r=6SX{-M`G6MdxroUS97nE;`OUt|Xs;SJhu#eR}k>V|YzI`s_&q3&uHC
zQsz5x$(>SoP_lsS&wMrEi~HM;<IDHQ&;7&0&)0oxp6G2UkX^^t(r#@S)3$ULCqhT(
zdr9jN{mJ;y!_da+(-U=zLngcqOaPDcGI_RKOrBHk6BOew(96DahJccqP1d=zc0pg-
z`LQRg1h560%fnb_E;>V-qY3Y&_+1O_iq}g=CSYm39&b>pvfj?Sxl-EE4dU+gqGL|)
z?6Q<||EeXK(r!&_I8bqJ{aYNpxHTm-^Oq||X87~_>;Bus-J9r~@{py7CbpYcX4#LR
zh(am>8ZJxql-q*vpRm$Er^JAr7DI#0vbU#}v=l-YS^yk-y?B#-Rn>SwEl$qX=c4g_
zK99uih`KQ}iOZoiELZtXzI3O;R&Gn88ia#~#5i_)`30gXJ0SF*tqF#?M;a!*mWN`2
z9%s#CW^T)okna0cDn{JcAgGl?ZVNQq4xK8mZn^W8H23nc`taL#=E>V)WynMSZ~I2f
zSp(+32eF#jYGQAFO<F<*9kKk~E^U|Idqou%Z@Nrk>$k@gdtT3o`%P=YL*ksg_1x|*
zp|*~SRJDVUQMj#vtv!mU3Bm0Dnh#J?MfL7S#7uPHwQ0pn3?ic`M^7Q|PT-mIcXu9A
zDn6WQ(^i~fYuuG~Zv6YV>$uT-dFc$bd-<+jt?&fI=5m;E(2z)-5JO8a{NQ~k#Eqi&
z0AL<x=WcB-Wii`i`%6>(6lWL81$iB)mp@&!1v&oA&dz<`hNWOw1ye`eHvK**PX{-<
zNjnf1V&>G<rTcAlZQ^^?@viCUU6O>>?d7-9mnwJNbg^@2*YT7$UOpXhv9H&!W=7$P
zX;Y8Oq25gg$bl3^AIy+ub9rvus2pP<=#quc_!rIWLPm&!OZ3Vr;_zVT!AqyAyfUTf
z@eFVKzy1_PI{!BHbaOy?9xF1}vG#_L&k`zzmomI|F8m*d`yZ=AgpwVU%`ndo45sd9
zPr$Dcr^3)F8l6Cuydi9p(wEjs^x*z>_x<%tDfPAAb?VE(>*ccPuG|`=(7!*9Tmxs~
zDV>@TRoFt^a%7R+$Gnx3y<wp58{p&YGgojTOBHX<O|>Z}3lZHV6F{){w`MrM9|ppT
zb9!JT&rz2J*1rE^Ab4y3ThZoT2?gAw?f!lFW5ei@(lraM^$z3l1E}HYam#LPyudPG
z*&wK*k;}cAGJwMA=}~~^sjNB6d&$Yy4k&PB{xpOF|Fe`f7+RRmdgH03CyW`5LL@qw
zhQ~gxX~mvl*8~O<35Go+W57dP)Q75}PQ?*<B3E9+V@=kG3t11mq@9cbP}s5cT5_gq
z4Pj`9b}23Z1d`NlAkN?e*+wTbJ^*d;XX+U}e>mg~oTa=7a#YwReSYc~XgllC$Nvq6
zO#fyPRkJsrZp$q|t_6c$IJ;UoLpOWGA*IwVO;Cd@a)S8dq4)^XUw1LQninH6$nqVY
zJ^GIjWEZmg^~+*L{vf@S;P!Qdu}UW`YBVFxqD}4i$WuxhQm-b7KLb9Uiw0VX!>q0R
z#{O`Ub0E{PT<_&(%SX<qd;r(ebj=}Py6P}R_CuMS_PDu!_57d1?!W9Q?bwdrsJXj3
z7-Yi)*(|j}O=AcRCe6Kw?1}9eMu?-WZAOXWhf#!rbpzDy&z7q@(7}RCI}sdrRdV6!
z_)XC9>0wJ#XluPAQ|MNJJmy&1M`7ePp5lePiQxmqphTJHW&@YiCA}DAbmvm2bg+a(
zt~-c(NK!6_fbvs^i}Ubx#R-0qjJLmw`AM_>43mZ2yXUi|(1(lk3j}3V8%cH6u1o6$
z6Z{Pno8JlqFr0al#>~9EF#>$xyF{_(*``EkI|YheG?8p2*Q~!39%S_XwE)4L(lFeS
zomLdPRwT8vCQBxLN9gkEkpc>WF_2EIbX=!9V|vcxmUfL!9PlzYypRWG1XHkI4Y>5i
zl1>OFZ_)?`fea#fJ<)qxU$q`2?3AuXi3`B#_l_-uAJ9xzV5lJc9OIo;FL{_js*gPd
zA$!Qvj97E2WXom49DW(J>v0Cy=UT1auX>T1dCAO7A3eOa__==$b@j^AP#zR}tm-~+
zP7-$rFzVk2#GvLpkd0DrFwQPHhx~4l^<b0fW4^Q0^weUs_OolG+1`$e!a5DP{0Rs5
zfC`-rCa%{o)*CxW@?#V`PcxLCKNB48w>>8tn)GeMQ1A#iZvP*Lp4`R?dw1-BA$N{e
zJl}R-(9Z7l^Fl;SlJZ%(*G76NGNAjWrN;=ARc9#edp|rPyUjpK3vXM}04Eio1wLQ$
zJ%usao>Sr|WMZP{v0{q9ndwJQr-crp&_7qEwQ}l!CO1#DGiDw|jeW%J^MEha3Bp?)
zxl1|i!SY^zRM}#v3bvU2NND!K`xy(VM(p2y_-23fdYk>Q#gO$FrYMgP&s>G%l3hl<
zw3HwE30{@flUT>^D2J>^e-VFa&)!yr%$_zkX@BJ@5-9RmBhqghO@d#}^(>0ldUp0p
z7LQao`OzMSZb&wKvk)1W(>2n7I1+76G~Sc&ICw#b8^lI<8x5h4JWq4&)RYx!a*xpx
zT&@<cC=`()U}@;6RHvJwn938oWv1S<mirbri8MiyaI46X8T#+Mg6K?{pEgF^o7TqP
z!RANTft<&~q<f4aJ?vV?FjTqCl#S_Fg$NT7X4Ql|PIq<048M+YTxl&L6C07GBH>wO
z_k(n~d_0Q)SO9~lpv=JLr`N9&-!YDk<^@H47XzKxbb8UrHE9Xt$8YR$cEts`)EW4j
z)4<METN^bzXc?s7F}BfO0dc{2AnZ0_CYm<x1Q}t{&ej|)7MY9ur?j9c2hn%DX>@Y}
zjOwJ+5v>t|H}FA~qee5kw4XZFiHR5WF2_-MbgK$HU<N?AOr6B4%Q7n;#vp-~y9T=1
zH4MU}3{6D+E>UmC?bDuc*5zLYMEmoyEymCc_zmjgbFY=NL{v1U*VW^p-AJM$q=g=k
zy62PQV8SzEv0dc;`okqG1cj$oa#`jc4holUX%L=uQJ6O8%K8E4;U_g03bo&N3lOQg
zR?L`udWIqo9Cl*Str-SW{NbKGj&!DY1yRBV>qOTr+3hM_8jIa^03-r3e$0UkayK^L
zbl}mC>0}JJEM8osFtPXz1X3dCxF`r5e9)z;JiB|K*VYMSe-`+<pFL2)y@DH$KkEj>
z=6roVG-~z(Jlx%HL0^uKAEy-?8gI-``d$Avw)`HJrZ+b~C(;apa@5G|r6;+I3@#W1
z)QQ?8l?_7!(ALsIVYl5|TtdV^V7hdC9wVs|*0eZ(t5&#TDB3uGX7B~)9(H2W2q)%$
zX1wrB*i-;q9^}M@LpYAqKE@rJ3G&qK6xfvqlr>6aBg`~_NE}#eVM>cVQ4x{hk>txG
zrhGqF{lV@z+@&3H_QTr62ixefVeH|j!!!X^7Tb_wbTzgJ7`>!{-3bRhJm9{;VE3L#
zkSId~U=3rqJJ@iq4MA5bgX!G@LXhOK5X4AI!k4`$UM#6O<Q-Rh1W>zD3B4#gjto#i
za9#v2fv9M~Mw8+(vH|Hqq?BAz5W}MwK{`$MxFqD)CZZ{j8`k|^gMj9ik#vRK{Pe<$
zWY<R_Rufj^wHi=cPtS^yMYl6XkO)T*kN4U7Nhx;3ZJ9iBShs7KIV^98$jE5CFIGOJ
zBhFwfxwrEsDi_hm6{MqtXi%=~yAP}wzz`)c@>$mGS$zAqSiFRjV^nMU2YhErQe+uP
zbf&!+?0yJpem&RR?>>Brk{|C`*YE|~{C=|J5yCArP+}Zps*gNA^1oEKXPUtVL;)y5
z<DZMQP)MkWOyb6bz1tGJxFQY(ZzHK!b0}WHob?_4u*uaagNlY;2&&yI39&MPJR9ZN
zKFT~%V!RT%FX$MrRjHR81DT?iau@?NJ6cVD`{|wolJ0tT>hh9#jzDK!8XawS0Uk$7
z(+e*>@$;824z$a;)1Trq{%@+xlI0{wjlo)w@P7jJGsYIO!w?~L?Vep-4V;PH!E*(y
z^>*CdKn0=_)R{7>+m%}al(QfJ49h*rh5fRnql7O-JRW)up<gOfRv%_qA?hQ+<;jbG
zHe>x;rR>le0kI^~l<z>VbwRQKHVXl{IluTsw+5Nk@^R1&ACHF-Wl>XRYj(DViQ=*(
z8TN87>o4jlyoS(m1eOI-X;KE8@x)0~UYt0`$QRkBu@6n2FET($q6lL^O>nBhH{O0a
zSJ9>l(-D#ED6%};q7-wbWm|btQqgiIDiHWFz4a)-wMCznQjye%xW=()sM2N#x7V9H
z{u)uju^^42;bgAe#l_7=3@Sb<qbMH!NRUO%`;$J$EsUrKesmJxVQ_JD74TN`n0Fa)
zMuXVuSVX@oS_wBnXKz3Sq!`RrB#3__%8wkyA9i;h;-7J4J1WsS?A&QL$vk3<?>Hp*
z(XXZ_P5+X8aeOPjr7!bt=aPie2y6EMH`N;;`|9dKNvMJ*$x~MIS)J&9%`H4(tSkz>
z>ejUPH!0`|HTmU8C<bfkEtBo)eQRxFA{W%L)$RLn@t^)9+X|6nz*`q3kb<1*!>{d|
zy~mmpV~ZmZ|MN!N@zJ%?MHnGe3`@>E2!4pe>NR|FXV4XYX~pyhI`*7<tT<HMFM+Id
zT1O`|vgp+M&D|rCTNVm-H%k##x@oE4{JLdXL1>tqt>768)-v`TlBA*A!&yPgd)sT5
z>wW#bfS@-?C?~#TOk;06LmjxUVP%QcBMY}@5xIrxog_-)&(9+?`RVBIoct-g=SY&|
zOHVUo<PDZ<5NQCrbKcfzoVUyJsrxAqUjQbjG-`CcjE3R5<iWaE-wu&Q7gvsj=xrE1
z09l*$93;1M1X&AueVAAw1e1_`Tv7Kp)LMZi)$PW}V2v*^r^_`Bg=KP?2@vVISa&I+
zwWUCx<N<jYTy;%vfDA6Xe0f1D%Acih&-79bY=@`h?bq>B{P~XmekFORU9$i4uKT59
z_{yXAQxyl1X+$O7jrb&`#RvR!p>J!m&tVy*O+48cmynKtFz{{jmOWkT;&LS?#Zhp&
zu#yP0A{{vN7o__Mx?Sr8%}i|MXehh~5SpD(`!;(aD?0@9+<G$D$Ei=>+2dP;?x}5I
z`_S;$y{WHukw50JxpWM0n`)Gb{~H-A)X>Vj0S#pfADw{oyIwgRKyQyrm*^k^$+A9B
z+QD_oW>G?N&kF0w15wB|2-}HM4q}M$!dBZ3I&0647yJG;jZp2<@nueCV~5V1;;8%R
z@g-})GFKs!JXBp3D}2sf!sUliqu#vpM)km(l>J7}SJCUMcjT049b8j988DY=kcQ9O
z%iGpwMGp1HmUi^s`^upDa?`MKU<WoqbQq-`Y<*^GP^|s6Ad>l(3LB#fl{3ygTk6QU
zp_Po?k&5$ZhMrY5M**q-`~0X$qA1Zq4o95;8fZTI2cg-cbbR(uJQY2oDq-{~W+v*|
z_><EDVXKk2oK7Xs6g%BYyI#nqA6@c_2**q`<OoYyCs2o#-TTiq5B6WHO}5grstv4b
zvpEs{APG{FR4Q$EEX1`V#0(+)?ICj}?AA_=<e(#Sy2|czhVb-wOah%gycMAiPLyxC
z1n-0tHxaZC`vHDh3xXSR%wTu>0i<_F`=FJYyv=}`Vg^IdT+B|6K9Wp1{81-*>m-so
zNZdOruzNoyh~O0Y)%cHUmnOtH0{`6xIYZgFPkS1J2Xk2qo<F4+4|zHMokmK@^v3)L
zQ|-f>qCipf&Qt0y$HQ;RWIg+TrX$1U9^LS;N=;&Z0SIln#`;Jl@3FLzb*Gr!O7(5^
zgsZ9I_z}om!+?>4>fHY(XWYQ(PAo)9X@19`MwrOJ+I{?;C(n#l!q${~P*f2zXhmW0
z)&7<#4yPV|9vT{&dq_5@EwrqqH7&??oooq4L7vnvc8VvU0eb4y$jZF!0Z<O3IBa}^
zE;c8O-$!y*6dplM7+qD?W0&S_|4xnoo5>|34L>fa+I@YhQY>$)M&0S#Q2DLSvtllA
zpH{K1@T&bmsZ4;3D9g2;{Kh-+Y<!NHQKIGyRM$8$w1{<G!hKxbjFf@RzG<ljHFhjX
z!TsakDx-6n9kQkYF6QCor-i)cGp9^qZs`#`y${E2jSw;H(k#@Q{*-SM`{-pO5H|IF
z54HW7FN)bV)MWk>Bx$ZaIM>irRyz&%dn5~aTq2v_Vt_ACrmueD=Hm8JI{eS=4$h|c
zJt0UrVuIis<C0bza&3oyp)R{NEpA+SGI`>|mf<yy5=#qmbF2#x2njF8dSVk-;-iZ?
z-=OV1U*T{(bGfk&DZnQ*rdUdmq}|OKlMW0hJ<6->$N%t<#v(%?;g0LFCK0ExYo`L#
z*z!S@0cO*=H@I6OW8e%k1F72zFlF$*R5G3r3ianh>Sa*MT&OLPk<V6-2!b)?&3Tu1
z*<|6Z=dy%idQKlf{w@0c-`alh=);Gq_sEFiq7g5_D5+LM7j9HQC`Jr*{3@HX;cOFO
z@5<HukSO=Z?T>p5J?=WLGz9(I-5f<)zCBzfJ#2_beK3i!{43TJFa869Emu!s_eczl
zO`a6s1q1v|S7odTBQfzTfq@?Va?TPM8^u25Ogk1p*Q2d=KM#j@D3?eK8)^PF`mPHQ
zZ+0WiP;PJwJjRG{j_WF(6+4PF#)S$G?e4-VFHaHEZg?_JmNi)<D5q4OBpj*7TnwHn
z8pvHR%f!ZC&(g8!5>JQMR_0_@FSeDzT`ekK8hgpNGwFYyZRNwP!D`+L$~kZum>vR>
zwPz!Wj(H&eY?>-C*#y6q;z+{fx!C`ud`pi>9RoS~+BTTij!i1W+wYimKbP?Pv^v{(
z>C7@;cbQUvL)x-xA^MrZciN2eyDVy;dMjaKYi*e=c{(^Un<{!u(apMEeXl(2S*Lf;
zVkU-DZ13#MEB#~dBTB@Y?eDjyh|YE9r;Hx(YqHuY;9RqA<r=eeLrcZg%Wx9yP2cCV
zyf|P@?8i%jGQ`BLQf^tdgtT6w%t5Z<_PM2h>bh@$T2f*c_}Sk{PGnj$Ox%D&28*gu
z6K$!d(|v9>r}`pE<}}#*s0;pcKm~tM1$&1%uW(P$x85;IAU8osT=XilncdG(=Gr#+
zc9z2;9fIks#10f)6XN^bGsu^%mTe+WR#*XIR}t)c37?gN`n)jZ`r>sdv#WorHxunO
zL2G#dM9B~u7}2h!tk*|*RezEVWD8^+d}T$Lt@(SK|Bk2NDQfYdlSmv|Z|Oqi*d>G(
zIx}E2fYe#vMq-BHBK-FRMI7k3r3R@DvF}T+8(vx@q^S@sqcs&8PvIXK9h?fQp<NG6
z^1@h*(fd0x@*w-4g(N5d#T++R5eIl+zTvKu!U?C});rQC#H<^jG>(vaNlq`H#*y97
z+t#wGJ;1v^9(8Ij3fC@d^`EE)Rz0$Ig(pUXkex-BG!3WfN_l@1na?o>it#+@%c?S8
zc*eQr1%Ouw;T=;AEcHZSVuhm@KnH5wlWF<~p<(FjZlAZ!e^eOj{nAcMIqe<Y&F_Hx
z$R{Ex?n<^zi_Xicy)vbW;a}^vZEy7!fTQDnHEH{iMzS_5mAiCZH7u2j|7C6hJCh&I
zFztA;=5yEaddqb;QqDcGvv0x;fZzM;Bl-TD(Ut>T2G`jc@<dREvDnN)frm#m-~#fJ
zpalLeqoQ!+N0od}r)1;zr}~D}9Y#RyWOCv4a+U7K<^HMd_2vG;+>HnE=3#nks1)$J
zkhF+B2c5vxtoPntBB2Z?IwAbV6JW-*(Mc6{^8RtKv=*~B0djf$Iv!dAHXvVh^L5ie
z+keVDzV3b8f8Gyt>?uf6-$hiAUM9!tXdKg~WTEwL5q+zMaUqqn*oAZU47I{E1X%6i
z;tcu*i&p1c#pq~JnKZIdYU{tSMUag@pHNe$VHUs+`xanFj(uTH88sDZouRL>aQG7L
z!Aue4W%`-?Y2xVha`zTfsPHB0BI*Fv=}>i-4t_fkOVKYfI>rJnI%Q-dCnM%wv4cy<
zD*btnG{?47ediq+Q2)-<TD5urGbNoR77#7Q{&6W|a)QfZP^*{NeK%%3q>(AP?VyQm
zOM%3a@63xxd(b!Bk8k9%z+=~>K3%BI!Ybw(^gz}+EB^Wk^p;?XpHWZ%z-mxm%?Nh+
z1gJJQX@NN?wfJigGudQ|I*(~HrwAUeNPb5S8B*{3W`-|26&#?|eF$;kRH<r%hNWE_
zR>sZ$;ppY&dt>G3|9N72U7h{C__qjz2(iRiPlLW9Wk?tPXq~@jfR`F?Jfclf+RDqn
z0`E%Re(f+=x8I2Era*p34Pe?GRO?<tp9gRx@Ai96|2a|}({XswnQGDETFrM=W-QmQ
zpX5z5$M*<zKf8MQ-Ynb<0SA)qh~t^DU^ojbDVWCo6H61wp_qLu(gUB~xfxP>5Yft~
ztghp}XAvR-J@pqRU$qmE^8a|*5w4xA9mZlsXVFBe6&ZtC)L8Z6utYc;Ix+6m&*lti
z+{fBB5k#I`cygdzC>z@Tb6iK9c!L~zQ?62P`e)$D!eS(1*OqomB&-hb6NgNp4W0}C
z@_64lA2osH?hsi!5z6&Ug`mJCTH@J7jzvLXI-W9%=cVSAMZ1urgD^G7FAR9>fwr8p
zR*~c}0($z;3i+OdGz-x=r^$4w!d6|F?8*1+=;}<_TMb{e<i~DUAqjHjZpCAO7$V(g
zp@BWb^_&?}Vna?ISV-Dys8G0)pBC)m>+U4z6sYc??F1`K>>1eM8^j?fq~g1|jp!S?
z`K7rHyn>a?lUL~Oz|qZK#Nj=NN<)|W6(Fx9{3jqf0z+9BFtF}nJF;`3kcc&S?{3hL
zA!1z)Ug1__28eu=inuylQA$`rXdf<MG4KE&Z((W(|Ng$<1rJA`1FCqd9wEasVg^&k
zPN2+p^UycQ_>K4hUpY0{ReIFO2ENAOw#lt(Y5r(i^TJE_DXo*Vn4$Z>A@kaH6|)^4
zU-Uq;8CxwWQ(Zb^+=4`#U!0jE8)wth>m;<F{MJhe{m2drqI8b=Qd+LYbKSVuYy<&-
zRP5zw-6{ft4JA&<h>9gQXcLyN*0|ic;ky&<UYfnwr{Z}M7v*gubnvZArLTapmk@X?
z^zKM~KHCa|(hJPg;i4Rq46Vv>@FvvxrQh1t$<@7w3!wBnmz%v-3+LT(M#s7=LVJ}X
zXGgPwc~*l~Oxny*9Pk+{ERq%01?gO&%4Oud*RE~^Y101lFN8KG65D9OL(5U(c9eK^
zthk`lsGH*`B9xzQKbh5`&KW-&m#dB}8)8$IOmmPHbXF11WH*c8Dx|=^c`l_==-2bd
zgj=m;=y>~{W?cC266mmA-ivSz=f%z}EQI1ba2rwcxxA}C7S|Hnp^~C-zk8@Y@vwv=
z?h;cGzE;6n*Ze2K(G)rl*^5b84H|+ePY*4AAN24cj#6sGpp)-YXB>VtVCW9U9XAI7
z$KP4;l!Oh6?tG5%Zp~w$s@Gn!H!m`~?+9pxRN-3=*TP;szA&r?ww=_sjd+!qsm$C_
zWVuhsAKkrvti5IhI005JeNO@DLc#V5dCnhO#y>2&;BJ3<Ai6%>s7-EdLibD-8utZh
zFTVa;cj@cHN6#FD-AF<~IVDHn29NGG&kDkg5{XP?7OaEw^5lR-q1doB-T%FBF`>;4
z7)62cTZ3GvZrA!vUaw7SnBF(HZGC-m`w<Z{u%|%GB#-dhWzLJO?SRmC&mmyolgp$p
z`T005A){AEROOa}_voRa%}VZTZBUZ>_i*^k*U{_bHs4dWI$upYoGp9fxV`K0@NI+f
z%B!U^&2k7|<H(um)&3twO;vE2e%e@&juEE5yr*NlqK>JhJ)LWjCu{M#q9(W6%tlm`
zh|O~U`AIE6%xEZ*G28i!3%OlFUn*~)>-e`PSLD%)gw^z)c{i<}`wyD@<-@i?)5u0g
zj`3Y6WzdXUyl_=aZ55QD_Qkf8!sc2CB8jLoq7NB8r~vd2{W$t~Ol>xoxUxVMUGLPz
zkd)rG#Lf1<t#f|f-SgyUN5OvkeQIG4Qr-p(aDm!GL&8NdCqDQm-soxV=a*l(&*aF{
z7!m-Z0Kuw5`x$Q?m5Vk8x)aQz7e+I|ZOY7Zyg5#+&=lBzq_g1mej9C_UPNDu`p?o3
zyCm7pVp$uefy@@HDZ6)kbG$WaKv$62Jj2`Eyg7TYy7i+><Lj8M`F1WD@yG(?H9!tN
zXQ_dT<(-drXg6@$>1|)^&|j@^=eBZTUbZIE&s@TCT9h!R(Vb=KHad@WkDGuP21Oyq
zhQvnd=RfDLNZT|$l-y_9)pdTlx}8+98@K41Ut||&&ge;s@K`+EiAziyC6O8LTtA8a
z`m#}f@!o2$(O*(XfkVo8E2C~IY>rivnBQ7{3#cnfb*iTHTU#wgYn|d5no-|@gLxAf
zpA+8Pks*fd;4GydH2S6LluZ^fQLdrgF{p1BC$n5EpVZK2I@tUb*HEStvIsrhG9J8b
zAsmMPzTE!euJYb-SEXuqW=BdGm7;0?y@7|hr^$!O$3>oAz~;Zim)0bXkC<&%Ej-<R
znq`l>jR664Q~To9bFa(}x~f`XU&YFz2CJS1bu>I(e9Du470pul+-gb|`m{_1txWIx
zblBY9&^7EDw|VAd@UP?~aE&DNRLXX^v6=Cr(oit#{;0H}?Xm*^|4Uk(r2hYqR?Ghv
z(s~{LU(y=?{{KN*AO9z5{r&$Wt@i&HX$7~s91uh*fS*Lw0sa;3;!Xyf3t+sWDrr@#
zI<`{WG3ALLgAu^6?nUNidkl(8f!@Hfe<}W<X75<<ON7LMA|Vr0q18>yQP-LLgxVbc
zIjD*vF4vL|dD|DMxSC}-w*3uFh3r%A8A{19_ceWjbe0jJ4<!yR#cw)Sg(B_J7LkPk
z;BixUuJBE!7X|!em~<H&$-c-0_MWOe!1l!l=@+#n`InMG_(c1sYE9}z)2)}eX>6s7
zmnKuDG#QeU)JP<~iJeiTwTQjG=r&B-Aie3Ie@7q)FOXb@%U2P(kJGjFm!3Q4qmy?7
z8L#I%P@l_<&}##zCVg9w2L(I4J)CxoRbs5Tg>IvZ*Hwm{^i;%DP*o>Fn&xk9vz}Ms
zC2i2B2TNdngr!G=eFgh2xzn|4lRA-Ks=mwr0;-$+)6>~g^*Xh(Vx1)3sXh8;XT8?I
zMWO!!Ro|!a?wOIc$^-0>%ds}ZpQQWWMK1O`@$$#x(faC{HltLnv5F`&r$cxND>1gm
zACbmnQ9@+r&(;&}@*N-R85qXX&qAgAtd*uTzKMQ6o7jE{gPSF>;oK;lQD!`Boo%+O
zbr2Is{<vIrXXe~Gsu9vquo7x6D?f>M6+s^k5*Yb5V`pWN+*^JAw>jL>(K-NkrJA{9
zvIq1FjM3@otvvkG!{JKp@w4Ua;;ak!wxuoY&y1YE@<bCX-K?_Gfr$2Ja%jf<*n7>B
zC0LBWFkX(?3UX?;!Xd&;kW#^;-x_x>X8B$aGS~%*dtbOm9)bff8)W^bAUcM)h=J6=
zL;SxWbhI7Tp%+GMLFWhZ7)LNh&}G2+<CFfAJHe(@1||)TOZzJ)SCij78dg0yt|>W|
z)`Wo+7fU}Ip{_CXWzf;DPAGvZZpM+@4u@Qk@p2qiwHK_pd_7iknzb0+S*x&D{32x}
z%rzzXh6gVrhl0k2dbe7QCcyn(XFr=KQpABl?IJHIg8SZyTVE9^-R1MD+rKMo0d#rU
zxf$?9A(c*ZL0e^%*Ay`PQQ%WUV0~iuh3YZ|w(|ZiSj1pWjmCnc7@#k$^ZL7rZa*&r
z(PuP&an5m2te^3=7X?6#<AF!P>f)8>>Wa$ddO~RN@HXJ1**t@Oo8SvTngxNb&b!uq
zc0p$}0jfW~s~!b<Ll||w$(#oijH6qC-kjXOtjCD^wu~298$ATL>15b7BL8jca)iTY
zNLLDl<s*d`K7`3K&+|H{wsTn?#$(UL(X<T--eT_S)uI{>$8A}Wf<?Z(@n7_Q_*|M<
zoP<p&)ADhdR^Dls(N|^mG%2k0H>Bhhmo%uXNs8zKW7-;*ImM=b=odGn%;>2H%t=Wy
z<%Q1h1hP_hu_6@b;cyG!Wm6+UuFEOHu>?%--?Ax!jrQhP0whAM^U6)p*3El+Bb08t
zhvdcRgd+KNfu^(lz~gBg20t7#t6fwalEeJ)4{%51@V6Sp;}q>eyQBLELCc<5WwFns
zdKT6CYf<Cv_czeQ`$qt13}hof3F2pSxvS#<SMxVG)K^>ksMz&?pn#=%|6tx-PSH`0
z;d5=<sXFe4-`<5vK_#fSd5vEG!}12;=F%7M82JO9J^}LT^_DpWJKO*bnF-Z^{MzmY
zzq<5r3sfVE0o5nMHI@1KFJycB8&2W1qaoL+S1qFcWsm$RF1*%abunUMRq5^<?V6D1
z9xoD_VKVguYKADmczbx3nPB=U@75P?T>7=yZsA2kh^tMQkiyY9>oB{K{iIMYgEN}+
zD@t%*&1eA1%ySMD9tDa@-KwqrJ~HGrAwOmQ?<b-j#&&7?$`GjyZ~>yy3`2)tcF0H8
zLP%>i`Ru|iYJ~I_8TCND2?cf;0(DL9d_;WFMg0$Q!gA-4AiQ;go>7{QAy(}VkE6bB
zpdV__qoF}H-;;oj*}``<+B}VwP@)vKfFJA@OU!z@uM;U>c>_WseHaO1qI0(<lfOXj
z`d8i4FQAL7PTzJ=O))>@QKHKaF_^E=Y**ThJJxA?&k>32c%zrq_+y&g@p~UqE%$H0
zcA%UhN}!W)xbW-5u45-O4FbtXi<AU;qklyHmKTgDhx&{Y7g@$L&dWC74*r=q%kMwr
zIWV-o7!3YLWH4An>DCFco`3s(Xu(&bG^@nVC)a4t>Gkpfu`kW<0nq+Hq4ym72@sc%
z?C{zyXfp4db6uVfPxOi^z84NQ(oO$<Rd3O2j<`Q-Iz}*0A_p5}aD@8|uPkc}BOf2H
z1teCwrN8wACip?Ms0m2>`^7R;n1T!lkmENApMd`OCaRa9G`=@JKAyL$%d?Fyocsvl
z9S?X<(650t#CUL>wrGN30?p7KKYTVUc$tF=c!H3_*{^dD23Airx42^c9MDHSJ_3Kx
zK#ez`qMW47shkIevPg+tZ-wqNC5OXBLsSw(n$JIyl!FmCbCjgdyc#-sIxpUhav-oE
zy<qk7A4rgkq7p@H!%Y3fdQRC+v<uRSz5I){jgc@C$+k+19y<t&N=bBULdUIhwD+b%
zT3^T~EP*xNV=K#@@U;(mb$MwUgO$HGC4UqxN-Rg(Wdxha{u{L?1Y-;_Yda^sjj9T{
znrak^1f}vfHDM4f!q7d*R_8c%A!<PZ^Bi*<qM8E#T2ML~j`1Kx9yBZa%nh)YS}Mc;
znge05avF>v&M^>^m`W8+H<XP+;?hEt@Id-#mEF<pwI`m5H|Ol^jMOwK9t9mt92I=_
zsn2ye3B>7yf?;rS7Foqc6#Us@9Vs?!gi`8$`)Sx->-h_(f;?Oho`=$(0sYm3*SY%u
z%uou>BD+5l98T~sDh+Yeuz!TgX?~Rx2xk|Ql}_G#PIaw>k(iNAAS}u%jQ2!JNJ6gY
zkO{OSF%NbORwoV+?&GLpp1o=qE72kp&LFhvS$N4+ydE$_{9!GMBf4D}n?!n8j7K>%
zTrqnhw`~qAOv}#{gyF{tCPj;pARa~&#}Vg&8e;Y%-mrHV@3NMQ)pS9C{H{PwG7BA1
z9zc)@kIHxP^?&7mO|JKSmFHVH(aPuOwGVhQ03F|}!ZN@4d=TEOyeN!2)7m#jW(qho
zOEFZ-^vT+{I{qNt<4A2b>ayRbV^2;LcH`Bc(DL8aX!=d@Xl+xrn$~i0=IW<Uyua)p
zLdo#hIR;mF7{5B1LZe$*#!?|=Vs%UD>CT}&BrTXLh5(eByk^FqDcDbt>rGr|{!Pld
zD))+c4Zr`TDAm}96e_W%qqMe8mp>Bfi^105_P*H#%Qh}4h_Fn~&_7;rmL62J9`T2B
zT3sJGTxd>!7*uP-@+qh~C_Y>#CnX10UZ}<|euz<#ol9OPgFy<ri29D)l#cY~{JF5>
z0z+alIFOhnmspJ;UMtMmge7S}W*l^N2{e6({C05D+n8W4Fe^iKFGs}6`eG4E&iW=<
z5SF3zy(HGo#9Mj`W_&>f?=|EP^7PUzMq@Z@+HNIabQk@nL$!xRz3^b(Os~$#j8RpV
z{1K7V)Uxpb5drC;62Vy5i|4pN;w!e}RvT<r7@}s$4I~z1%MXzD+w*9rF}7taF0kP&
zv!Qfl0rkcn$^~5yto%)r2Nj#?X}f)`3r75YW{*S>PhH&v=JuF6k{&-xxguHsQ4EYW
z%wRlrJ>)E*XMc8ul@J+n^z;wF_MW+_SviwiA@~&nbIBvbt{SiGbx8cf>oPE&whi{M
za8QfIk^T+!9>|Shj026okEImtH`v?Man~d-Pk0~aVmu^0I}$ETc=~rAK~Fx={W~p5
zuIpQ1MLyQUL|Lx8${+u!pOHkNr?l&Lb6g%T;fo5YV3?!SdP1`Zr6Jw$MAZO@BMQs=
zF}U>c@FN#8=JVf(B~Rc9WW-?v1A&-F6kMC;Afq`2<(0Z_Q)6|!wlj!VE=#Iv4#r8*
zrCN!+O8X{sjO7wS^RLVl1EddKw5~I<2aRBV|G&+(4$<8MzqF?Nqvx1$-CwlQL%Io@
zhvUb8TYx=rD!2baicjh*Z)}0(dsV()Qd88CwbqB$@SS6SVm(WX&RUJW(i^&5%B+Jx
z)wKu;sDXE&r*idN<vf%?W#Z#n5lv*<)3+!$a4x&s`GKNg+iD0iIS(bTfnw+j)fcWR
zBuko#w-o$o+kk|(ph853kEa9_q?nkL8>T+`S8b0f6(I}pFTXPEcl<hXBy5NcbR3es
zD}|b2n;Uy#izuyxBSMpwxVA&eaAoP>x^N3iWU+*_E<@6Zb1kOJ)Wl5O0YQ=;7v$E;
zv;YJ|p^Zu+iBMd8-SPVSjRh`8DrlnVTigZsI-L~dY%4o3n*2&LtX+yekoE@kZ=zEg
zEiPGAD?S-I;ZRz;guNB39CR0?FNQtUY^<Rn;yRP1D;Gqj*akWEi91?iQ8-GWr8zHv
zL#(rJ-S@m6EWflOEddcvY9w0S7&BqjT9|cqTT#5_?9-Ugu-SI*nBmL&lRG8dz?zom
z@NonNZ)K$1;6qvFz_(nFY3Yw2ug16RU%|vNn@@;L!F|$<&csRml@>JUsNp=cz_=u~
zlDSjVmx&Y~N4>@_>Rmf&T)>D6#t~rLksAizlQ*tyJOOM(_BC9QBAz3I^d50OJHY6G
zNcXDywCD2b-j`#L<^1CE@pxh-b+UkFZ;#d3UR-}(C5Wy3*Dt-xZKPWGb)T*PFr%I=
z1%_JE9o~nZWWKiG{18YtjFi`u%D;{!XWtwYqgUA8Or$et01%jAo#0&Pae)YHEut8o
z1z%Uni=BoO0!HSuw9q;ymo<lOhD`hi*EEb37+_b!ruC@P>aScRU~!2Jw7wSA(Xd0*
z^C~7Nfn_CX9;!o3F&PD1DR<_s5ks3v_wQmr^RO5qC5VA7q!aOSr7pOy!(P2W&GAjn
zrn(02N&!*jlHmu0Bjbh<qB81*KIO&*S`RsxSXE1st>!YfV5x6+f|wsu7yN;)?p&5I
z)rdw>MXY4-YquIqca(uxgx_+dLzI))7+-}s*4P6&s(vSDCR@!2?3FDte5W<Zs1{0Q
zX<qcKuH^k0(zDdIq2C6(VvHs<B=0mKp20@i+c$N)Z#6ioo4@xdFI#n(t5wya)*}nC
zK2Gd%TBkN-%?iP_EF-L%P@CMf2Nz3|LHD8)RI=%8$pZA`-vNV(#c4?Q_9a>QNfo)-
zq^ZSrNNmpA*}bLVR<CqVw=)J=*r@rR4Y9=<nT#gxV9YM>Q%|-JwTZ5~X+yzwng(9t
zChGCO2b-y~h{SryS~+j)=w|262JVZ&?{W)?J3a&?Y3g@Go#alV?77kNV-n%$i4Mmo
z_s|E6=sY+O7@Nk@qA$v~Sjr4l+zR3;c;4*vj}CTkvQ&oG!%flOF%nVqAVt|@c1X8y
zedi8{OiLJ_>XJ5;{WuZ3;3-L?R!KADS!X;K^~eB~c=On>E+<4wupuNQ9-}L-N05$k
zqNLumYKPP~;(e2^Z}G<QgIoW6<fTnbIm%y1PHGe{D^QpesbYa?CyQB?(U}iH4W7I|
zRIlkbBzn+Ne;3M5IV?<FVrQeq1A6oCd(cG>HR+HBtKh;Rpy<O2?LBBTj~)!38^8L4
zuNbjT7`LwRp=ajSI`D1qVX>TY!{+Tvc2>x(n28U<3eUZFmbGCW9Kr>e8Z~^qAi2|m
zS}qw*Hfs7M|8QCJoF90%REEnGxs*3Q6pFpRnyfMCTCZrFc}{<VWcv(a(Kmu`g$0@-
zb%G)Ov?(|fya*1HA<QZ%nIwf5!}RJuLHNVp^xX`C?a~OBKC;Aq%{O=umR6#Ms9{7O
zPw^0ry(X9&dOR_`f%+eV?x`{r9`ay-!q2j-@B-OXv|t3QSketx;XEFMH806~Y$i93
zOs#POQ2-=t&^=FKx3xEpHh;>Y*{7d`l7v&42e)qoPKZf_{~^(_f-?~67z^5XtrotB
z#*g~JRJ=mxvhRCAGDem8AIItJU6h;&lswAE4Ej4ug>@YYFUQEhXaodK*;@J>%ox(o
zqO>wPw>B-|VGYk{e~)9w-?_43gC(@312-6~0N`8_*hb|fFg8cCLc6fc07Kd&FDmFs
z6^rrCjQuBW_;J;M63N=a7*Alg0;)-%A||Ken+=WenBZrBX0^M_lmPj1K-?31a)@HZ
z_W}N&MHWfz$WZ};DLlnYX5$K<jnwpqUm+m^dXG76;+O!1Tnf1;@G#!Rm5T10)3b(0
zn3b-za`;doRdUcAx=||QcUtyPq?a9nab1-DDc!<4FUkax2db!6s<K6S*XSP4G8tTg
zR~K3r*OJQjQ`ukmLFjIa{3*l5;ARCKJjt}rmV&5OQOZx*zxb_sd4>kk`OMCJ5`D2$
z6U#)w2*e23a{27*V=v3NWyr^U6Cm}yE813aOHVa_eUFRD;D1)@wS4#>cE;{YS5O>{
z8+$1;mDU^gL|1*O9($g4EYPmC5yR^1XVQRtH)vlhLPGw_|1IuMY;uwn1E``rq+&rP
zP&8pWmkjzl{r4tz)}cGyuFECxFOjn9*kt~=J&6K_Q<#!~pJ@+)t%CyG9x*bR=nM0j
zHpx{;lF}`h2|YYbiSyw^ZdEb@5As`2(Xhp5?#~>vc#;Uo*7xi>UklS_2x1i$vLKM@
zFRh~W5F5$)G&|OY6|Zq!c@ptY9&zxXPg){nDJN^u4%kz^NL6T*bUZ^bn3OYCic|r~
zZrSG>)0{FU<I|COs6A&g>|~>)G6Y|tqdz|@!7TA^R#8i~)j5+|vh2P>;D#{{5E=>D
zCpM-62$Ak?54<SZ=-I<H8YoXjRlf?we)b+A%mEQ(X?8yoEbNOHmn&<PV)n_SBF3;F
zKnR@20XlN@Zzh4;-LM&Oq9+HjQadO`?$aubPsx6B3Zqb=sZJDOfkc8XBuW~qp<Lqs
z!9x`Fc94W<Azmh#5m|s*kTwtD9$5%qz_gW-M=dqp`Wjt^!BQ~hQX)mB1F?jQATS6P
zRz3tpClAzh%@tCroaP~Cx7L~HJoj>W#Y5rMhZxVce~j4y=CA`7`78!G{1YHmF})9o
z2uhL|KTHOO?urCbV3J=@r|6=RiYLEi3Mg5WDd(|8gq-TRAOm0()=Ij*rVEbrk;z^G
z6tzhsG6QA{IJY4CsO6`L*gp!z?UVVkq@o`@Ln=}h6Q-NKy(|xAs2f=&Grqlnmu6x%
zYMEpT0rCvI0=VvQ)EjKyYMO$E4@VeT!ek|&04VoE0dF6lY?)aY%97jaA!1ZOM?$kI
ztt_^0(j`sKa^T$Wm|naGqxtWj0127x?R6epf`S`lF;C67NOahbf3z0;lVnZ4Wnm$|
z4l(gmaCpSzTL(d|@dq6+*qIaLs_3vxA&DBlc8LhiwC_ka6a_6uHRK^Q4=X*W2CAFn
z@aA^7Lu68kV&?lMXV9R^!XN>xPZ3u0m>!burM9cWN0`B`1PW%+=a?x}+(qg!c}9s`
z)W!KRNv&Z)zhq)Z62d5fET)PU;?xsi>JGsnyx}rZPRQ}KP(K+^*w~6@?NWp5U;u56
z5-v_s%btQiMBFd%kC%dk_fUiZ66tJ!@X$tDW+q|S7Uu(^(ycSnTGDAjCw~)}gMP(P
zmXVfSI097Os)>xu?d@1y%bh<@V)h4Fy>0WnH@IGP(>hz5#x{+>ir}HtUBif8e_;Ys
zitL@r`R7EXKh`#h*eZ0U-*Rp*cw|gPMguPwJ7p7LV{X}Imkt(w^Wp<#5zhxjKp&7!
z`yGn$hPz3aXcG1EkS&jeqy4KARzF}rp4!etBKt)IAz#Rx5|1vNJm1h=Eq9XQRlj^;
zQWwE55Xei|HeZ}QxG546pAn0@Tn=$)hIX#?R&h1p#xjU-Qh$?*DEt|^O+62Dw33Z@
zDSv{3^)sx*3To%3c=@E`lU7d9R&E67nA`&F2kA-^U7u7H{x#WBvP&}@%P86~sv%Um
zIie6&!hM|p^`DKzIv441GXP<f60ZtwV(q@PsWN%9;<&96CU+zx*1$F#w4-|zKiX@s
z)YJBl4}k9tILm{0*U9vsCGW5Kjajd+iOw++WoS?#pNlYOVrvE7H+sNcjDS0r4DF5p
z?R1Va>gB8c;nz%<v-xqr9ZLc*j;^M{sDp=>U6;G=dL?wcGt$%iS|)vjbJuDfs?u&d
zmiY&u5V#-h3ZvfN5DX_@7uz1Vv6N{0(nf?Nv8vq^6KLC|X}^*F=Nr$<d~}e4Q~FGr
zGdDMGQWkR+bd>n<wyCU{uhlor#a$U5g6!C`Smr9&h!@`|r>~qMwI~@{gL?WJaouvi
zJb5R_7?~7b+7R`(;?&OMzCK2#w*S*28+YqaF<N&c7DeV2Y)h-^c-nGcSa08u?!<r2
zD)zOK<DM)IX=ls*H=iZe<62q;z$I1S-Ocz>J&r!3tM>CRnsSrt6GB7`5|H^;Jx=UW
zSQ8TMn`3LEdYBAXq0=Zsu3KV05dfTs)Zq~N7*^C?`a&2Gqqd`%q%C;B80V}$NQ#FV
z4VDiU&n?ZVti!E1C?zW}_<AcM_S12NJ_GjWimC#!CgWhLKo$P3@SFpyarOhyGIJ{4
z-Z63O7qV)Y+fMD1H%M<sZI7RzlV*Brub$gesS^td3Bb2->Z40x7L#r)$VWjcndhZ+
zD`O_8rxF|`Skt#!xvaMsG!WTUOc8HOu#ddGPm}Q(SxGG&pPc3%J)*n$B#GJ`j0aDs
zOw`B}y;vYd3*Z32^444mpn#gj63H5Nm16+t{m&%5i9G02>G8HYr8meFf=M@1;Hpy^
zVFSKhErGj8H+-TF)_;LFQbB~}SnB0gU&-Y&IDHbQNXF)Wnwff*1>^%=o&C8-!hetK
z?7urcT(1n128v-!))lOWc(6d2LaCZfxY8KBI*!iK0C09?LeBe*K6x0?qk89YZrck*
zv@2NF9zQL+7W+xbK2P|SRTo4cws^tuc3ILTqoH79ENw)KI01#I0M@)5mBH+v<P)Cs
zf$fx$rVF+bGp0?a(pG>bQ6h2)3EhLN%-+f^83B;G2y8t44b2GYert>JkIShmHSW+s
zNiC>XU#tU_4Q@x2Z+D?!1y&VOiv=N&5%|d-)l5So_RcS0wD4YP$U*I9N(768x+^0h
z-=$_tWg;`V7q8K!+N)1T4Yj<ug@>;-+vXe9t#2q<bJA#piJ0NbnfQ2RsJdQbZ3yGE
zxgF8cvoSD_?$xwyF1RNRWU_xyknF9R{Xo4({yEAW#=XD#;aF?~uJ%pyfkOWGT*)=N
z8lrbH3ye91e9pvna;V84%npG(SyF%&F+q#~^g{(aTr2!91H_0(W3n1SaMQ{};mK{s
zY8!B^DS3kEKU`MgqKw62-vR_3g5SA?8=?G{=3v9Ykie0+3-Z(RidM0NKb(kNajEZ1
z*1YeFzwYk`kULrCgE5SV*CSo2D6g)OFFAXKRJ2>VxzI<<kbxI}NQ6a40N}JQ7SF^J
zMi6H)#E!Q=16wHmKLFT3C%>|<4NNze=k!uAJ8-xlL4d>Y2MOqP4IHSm!8{yvE1){d
zDO;_$Ukl+dpSMa^LKS>Q=9zV;pnWf&_o=WM`dX@d5Cg0nccJfNRYeC2Qk~UO2Uf)m
zs_z@BaH#NaZH_}F`1J!G)xv>cA9)r2xvHaq@7rMNMz&^E--VU}cu^dL7<8C`Qg)Ba
z;UF5V0f9zq>74kN5%LyTOS)w{3&)Ma{5{POy~Q4KGu5P{ALAjSA>xREOVyx#Hd-?D
zwN5p9a(+Dzho~YqW`?)w25U--S(Zc6iGz^A%W`~b*;_)LlUmn+Lk)RJ<KVd{mUMK<
zA;%s_Dv4X~nMv?7LC_BnV}?X+s>&MSP^IsyrROtitliRRPX`40-@yQeUXd90;FLfg
z4E1MlaxQMl%--CXf$LMNi+OJF4REMW2lQEr)xnjDlXgx5?9CFn)!2d5n`vc*6sSm*
z482`l_~(=_UC+nCro*L#@dAcAL!3P0C}Irh+}4mH0JVBZJ{K@F!3@~cXa$EFvPMb=
zan@0n&?nzdQz#jeiZ=K;A}ooMzRJzf2nU83!z3KIR5jubB)?{LG}ghVd)WdW48ahA
zu3%bS!M(bNa{Zm0cNfLs%#{JH4i4(gQnDWgmb_>3Y#Z?+*K#3Ht8l2H_ePXq#!={%
zhZRlsv_l$_F?p>{^h=uapAOr?p@xm!#=*o#2q2zjbTh8E_ySC=;8<O$r@Oasn2NjC
zIpmXq?*3|mKm>JGN*&eJ1eBJokPqN0#3y&$;OlZ6SUhxKU~pjZ(8p9NHD@N~iAIML
zg-QF#wi?rcaYEr3Nj+FjZvE*HT&k~HO;+-TPi_y5*@NH!rSs%F;^(f`3WtGmtrVa0
z7_<m<5r>c63k3b2Ddy;X=%KDWF3RbEe=kW7V$<P5`7x~rk9%<a&$o`a^5t|WkzI>&
zt2~}tVxRMHXm&o7`3&5H)712^Ht_Y(4RK&4wiF?2s4rHg8T+I#eQ=;ORbWHLah5hN
zAqOJ2X1-orhh{hkrlMrl{QW`uw~G0foJULFt1sm^6oQsXlLrZdnR#h%Ye_fchnN{b
z`x;Vjf;sYdOp!4W%IqfAGyUt$#$nGi(2qX$S!EQmHI(WAXoA!iicV~SC}?t}XgafO
zEHw2fLq<bm0lY;^2SEcGT(_i|K}17zD5R7MldMiCI;vdzt8qIjf3}c8Wbrs$4m{cq
z$yF)q<PlkMfQ%I31wv$0UWiK(S#6Yzg%DbdA}b7)u_#&UBl4KzWn>U}%t13Uh_n_t
zBV9Z#zicSiSX3bLxWZ>tAo93kXjCBbxB_WZAo94PX;dKcxI${=gvPewYOI89)#qA|
zIk-j@B9AJ<MinBDD$GU|B9AK8MinBDD&R&2k+!04tVYzTe(6+>$Ri8AQI5zXi@#Bh
z$Ri8FQI5zXi^Nfm$Ri8Kk-f7&;+Px`L>^~g4hJHSGdf4^KC)nl4#x?&f*>9B5otG0
zN9*VNB8apRtYa03ln3jWhsdH4J60iXRYvT{Ao7^QcFaTM(Zue^DX|}K0FQczJc1}5
z8AKX~@<_MzI)ZuB*T%0So`-81Y8o2q-w+>jP>-yL(r#prB__WNk(wv_(&0UFd#2@5
zACb0Ve6&r9MG$E(&`0~&G()6Ow2#bET6w&W`sV4zAwP16tT^aLWyp`LcTm%~A6e7?
zsw02Yr%2=AA2~!;9R6b|M5-fzI1yP{43Gw%4@-ps$sHo?2Lh?jwU&+rvRYi~BeHZr
zkd-4+b7?*1s36&Mq_xl>D-lxabFIf5A0)f977Y@TJ>gdsCZs+hjU$Dm2&^MkNM)pu
zDn#ao3vnZ|s(>N&+3)&ehBy?G<uMc*y34LBa7bof)rtU7ACc8X4`~kdQi!Z5gh(q`
zG+$aPi6hb$MQU#L#~e(=iO6G&DB?uqF@_a!BJvnxi#QQkIKYT?(yt)INb}A97^93h
z5qXTEM&?rFvBVoGqeu%uM_S)7%@KKwkw@wv@+iWOWR(vK#vn--(MqF`G;kPr#DPdk
z5qWIUNJ<fTY#~X?5m`JgNp8!u793+SL>^mkl5&bXvIr&R6nSJ}N=gxVY_Uqpm)0W-
zSW=3}BaB+29h=mx!_v(z7H*^*iU$irQeM&kB@2ZlX&Nu&K}!mhTEd}C_EL$o)+B17
z)%d$bqD#D@{9CnwGM;1(WT%Kz?6F0VE=N|dTHP_&h$xvNK0)y^p`aT8RRh@&P7#Zs
zH`lms_xp~7m=h{kZPFeXX07e-eIZ%0#2Rm8V;SCv6M%gbay*(Tr>JCJo~Io)vp=Tn
ztO8l-)La)$2eOfTSGF*k=Lwq9bicTPwGvqziYo!Thyx^T+fztqN}PNj2D9%ena;mx
z>OKIC1N{tT3U81zAA|IFky5piXt8KNqGSqWa4U|zIDixoipMxy1m((QTm#v%6|Rmk
z*V<JWW0vTlIMK+J#g7$}AXWlqx`&c=fW=>vRKb<Nw!t?0ZBVvsh2Mj7;<E?CQ(1fR
z)L#}^{X|UE$RVqxsth-FzIn+aw#rf;SzC&nzj2%FS<!RP3K_JrZCiiORv_!xxNYp&
z+$1c&ZCjzNW8*HlXIsG2v29yH*0FIL?AZchD=U@AA`4d^g|kBvhRBmjf-7>YZ8v3J
z0D8}&{Fe1mD5ORb^Dz+;2UoTq@dLv?Qcrr6^<@j7&mM}DO6BP65^P9|>FbvTK3f~v
z@;z%KTgG-v`*l-RBK=UsrmVW}YDK|0qEjp_1FW4(@0W1HEsMCh%mw#LxXqTspw_U`
zE?Ok5b+@xlRNFU4ZBTC_O_y>bk~<k2F7&}zzJt`7^C;CmEv()wd-4Rz5R)P3`V@^Z
z<Fv%xTLt;BFjC$0B5Tddet_v`0m$bg<`eG*(LN>)`*As95n<vQ=0vRtVy2%JAZE-m
z`oBFkL4mQ%lp)69xbkIGUBoyXgAF{L##}C44#!NI(kb%DbSlG<E~s<32iLp1Js%A*
z412q~J^IRo)Tl(v$794QV#L-(O!Z^T=yz}i*aYsq-amk_-|zRqd4M28AS7Izj@aVb
zTgtbCZz*xd1X7Uwi0LY`+sr{Mii05Ii?JYLq91b>wp;GO^~varaQSj26Q_4BVk!u!
z+bOmYVoY_^I$};ohf>7qMS7TznCZuafoQvwDdTG(W&$R-%smYdGu=EiVvD_U&z;n3
zDEHvn73;|oDBtr5qTqZ98S+aI9c^e9wu*cSvSM2DCJ*gPH1IqUhrI7mWIbvq&Vq5g
z6V(J=$jG=2>mFQB;8#YI%$+TVNp;kD<@ym?G3Rq=D4(3wYQ=0!^kMA6M1~3y|H^`R
zMQ%_i_<?-I%49?#?XFUwimVGrsGYwum@1ODM5WYa%85zk8}f|Hnhq`v9nJ?iO0B5m
z)E{&Ry*azXZhI(ef(sHLc}Eie_zs6Y4#!|a95<Mna1od1VzJ#3db1+CSZ<$4OlVC7
zMxwvC_-=40wHDI7lc6;@*1MoFB9Kav!lK$F0r%kN36iH0Cwk2T^;|=rwOZK&ejZ$$
zot(WrD1HN&0Ut#ad2++x(Dn<x-R<w~0;#E#;&&XvTZjXFmzJMjC!aGkQ77g*Z6{sk
z%v|%SS*}?Di)mNZdQ?^qrdC)(tGImgKskVxQCGS`Q{KK{R<0#6v!8%pM?V5UKIM6W
z!Lh-hP5nr@E~FIvDlJG8@Y~RWSQ-!Gh}tuhzIK6Mt?Q@{emlAjA;I@|cl#OL#@?Q-
z+sJ}nt<lJX|8Uxi67Z|_7WHSp9lb@lj-mqma_xlTJSITZiq#O6nur4UN{rKITa`F|
zghn_-_Tx}30UH0IR>3d1mKVUUlV1p=&tDqk6*^z|fM_!NHNyV^_Y(^jeCbQw=fLy`
z4jYCDEPGVZ1bj;!q8(!SQm`le)dJrc>8~;PXC%BJgkQG>zV5HR*{_ps$6h>D8F#8t
znm_AHgI^N)9jrIcPFY5Tx!{+?dk5>yu2UA{eJ=PVQQpCNbLuQS`z5j6!Fn_4lx3lq
z3w}vNcd*|4Ib~7Y9pKkVnPYRF%B(ppv7QE;r%s}rIh?2UTp$hBex39<Wt?YKIZPUG
zo;pc!N;%Jp;9q?9%UI7^v*9%0JarP_RB)bEfnS&N)Jc0|bDoOKH*JYLP4ql<lHJVV
zJgw*RXs~tbq_`>LJgdq>vMBhaBF}nr+bp{FOGTdbX0$2GVKWc>Qjur9d2AZYex1}c
zwmoJY*=rgoO6nx6vB6(Q&YH&HSEs45!CyzFnkL|zb45j!nwF^B%5<E``DAo$sWZvq
zA++wn^}lxi`E5OcdA_4kVzaN4m8SCStqp$N*{|b{WPxu|xTJ`z0D}hLXTz(Nt)2M_
z@;0NcHCQ}#Vv!ls+`7V%H84-q2}-0m4+%LXG66SDB3~trYh$vNByoUKm5N5l(<Bc4
z9wkHE#28!_iKqhnIVl?)G1Sr(q_bi5e9Sz-MkN-86`|0N2yW!&(R}UeSFRPB2JO#r
znW+yhj02&RAUp~q9F7yvbts|~(f1LeP_&x|er<U_3x4u4D{oM;9**UlXbPBY=%XtM
z#(9C1l`iRGj&-s5+Be|ikRy6qd^RMmE9wh?9NbN?H%aC=O~E3kANk9AY%LDH0zk|5
zP93L8>822nJ5{!jAvr?79S^L<!7q=SVtHkm93}EGh>CwEU(qp=Ur^?eo!QjL2g8}Y
z8Op$4aO;*wOR>hpA>%MCKG$zD!&PN*@F|jz;BcJ3>t3iYD!7|smQfVQBoPcwqX03J
zG%#U6OMqY3vX}#3{d`eC;$FKo)kgw{W5gD7URoUd2?+^xWa>$+>Q;@^OChoBrh9pT
z<H`bmLB9Vh8A{NKYd`Pgsvf{<KTr<o81Xa!sER@d)eYuXGE^;bXgM=gaMuQ$C++Vd
z4yyF~hl!hBrbS+WsCTYbmj<(+1HZ|so5SNlPTd^%%kupkN-O94Iq=IIS?}|J`AACE
zQUGnc%;P+rj^QIJT}Hw{l!zz@e%<Ra#K8@ky^(>sK5ixd{N)-zI*z4R2`Ausf`X|!
z%7Wm!556Z9pwE(vZgo1>*VjYHCY`T=T@6fUJ*t<~zdHgbH5`ojBnd)&4jH>6)PJM=
zh9do^tS;L}#0t77M(T6~gMmYGi-1R_QyBVyAzpZme{Gsw1E{^WP45z;?10z(PUk<t
z+54;G1Mps)*3vi3n?TC72W~)S$ln53{v8qyBBFyhaH1cns;B&se1R{B{+yXe0Uky2
z!9NVx7GSYA5iBoeh{}yDZcPRdwxtR50}7^naAo(+GQHcKYB5iNDTuZOd=wzT$HH0h
zeJleT=RdJcwV#G6R*u3|%qB%W)e*paOTZ>rbP=^-j04`oA%OlAhghb}z_(&LNWcId
zfy5VC&h3jAKSLVgaQxy0xKy!WW#kJ@60?V~&e%jk5TZM?mK4G`1fEz;GD>ko(Jdyi
z47Z_E9h%j42bo4+oRgHqV<r2_)v4D^ADo1Sw=lE?NZ`wua1xFQyp<_i#E%BTEudGL
zgdFpvXW8o=37>Po;SB<4G(sNlgChZf3}RF^{c<cuf?GAcn6Vi3!37$rWB#N30qpJU
z@BXqe;XGmo+uLKzC-JcFk!cc?R8o#@%i3&PRNqulu!L;mBMx!EI-P+|KZ9>kFxvtU
z{P*D9DHvfB2tlP3z*?E8GifDRX46a|niWTs++tsbjK<R2T++#K770=rn<!%vy^$Wa
zKZDbtbo+~?bcLfAFAl(elUTxI7N}8yezf}eWyAVov(tI@3>;>%pa`;NmRT}o&z?O4
zA9cPK@Y5wY$#}q~H1UbY`kES&GO5jNdqVDdoNULTkEpl^_&uGHr6>C6Sv5C1ofFAi
z7^fs02Q%Bf)<{Y@CtR`n1S$Mj#=)?i0d@Eh6tb8io!Ken55Ol#u`$hFbZ&6$$@~&{
zl&W<&91Eya1{twY`2;}V<IxCF(UbBP?R36V6QEYLp(&KRSn(FwgW5dIHcJXtA*<br
zjiMfSNp%bq8{X900t}BsJi;Cflc)faJ$V#MxWR24gowf+4loxBS%#<VD>^DAI{sa5
zNF9SnF*_*!PcpVt5hv$W|0+{o+bgEi8E_@ck_ZIo76n`4PbzQKNhg2|e?^|r9Y{$)
z@2zAMvAc$ZPYM7fAuZ(&@)3#<)xN3tcL{?T5mJ;J(CSu2dduO;XOTqE$G6yz1-11`
zf$B-ujKpHGW!#@NH_%Si3EFv78BwgnIj-g#WMnNJI}ZSpRpshRD<q0j2DU+(!U7Be
zMhrOeNDxrpiG|_DndqTq!U5CImTD!IYlzeqlgS(>X%#6Or{JXd1;yzjeu2Of+gU7I
z8JI4qVj}Bn;%Qh-4#H&OC~!qtPe>_&lc!2VktdFO@zLlj%Lt*Dyv#dhL2pL^Ry(cJ
zxguand=oFvmM+X@lrn+@-v~roN%|SP_uS@HF5#A}X}w5DWl<RV+k|HNv7Sm4THDVt
zl1{7>Q&jz^n2k?7DZMIWlH(AEBSNS89cieAD(iF;OJ+ju47=qMG*xR-0>F}hT@>Gn
zTcUZEQgIgCB+s?BaX6xoaT<F(rpP+jwln-?TQRqu9I~h9b$e4&HEq=wt-v;j#-Aob
zsQwb?ITOOA>hT?nguINImVK0rCpHg@qa<;H;VdXGLub>4iN5>EnG3UNl}cM#lWWn_
zYy|X~%kwRBBwueA(jz%4WymHOFQ+&h3+9lKbU2Zm9C`{pAu-cbRLBA=Xr929`6Mm~
z3F=}3CI05YfK37imeKf!AuNNw-|3u$$yDlP%n%^*JsneADj8PZph93$m1tS!9gOtB
zEcnGFpXg1l3eD!lZH9zMi2X*G%~3?B5|BMiVU*cwXX@RIWb&A~Udr5&R5aHp=#{G-
zfW$h3U_=p{B+5~BsrzU|h;%Vk3%;rF#3@4CLSS%&>fhAND0{%g>eMjjDo`&N<$l2B
zfXZtFp}yib=ri(Sj*K!+v`@)pm}IVh$MO*4`NO`hk>QWly3Q<<#a2avm|7Nkz?usq
z3uQ7w3(EtXj1(!{@EI8pFcdN@@0d0lH`i(VI-I>w&vMs<5|q?qr|izWvV!wTHl(6>
zh?D)g&nDMf;y=Fy*Ye<y|Ll){zt#(0J({qB$|>4konCf2SErYT2OH7IB=k3Ojbzrt
zB-vX+5FW68hWn{2n2L`eZ`E4*RuajG2>7Mkn>I;pScX$50Vtv*LNu6ZVB~-{s5Wc|
zolZ|dW3;IU#z)a=A}+$Io>412O+yb+E=78d%=8~PQ<f-gjlQs}<)DOVy9crU3}a_~
zdyMaKfMjrn18|r&kbF`6T;A|UG%IO)gJxyzJJ!8dPSW?7GQMSAfU7%z#7FK<g+_vf
z;?@TpsRO&dzV=ASNPy&@LYVM)V0zNMj8TXv_A+zP;{ogG@4cQ7TY943H~no<tM5_g
z&jP93&rsAgun1(XCMeuW_L6ILxnVDj4flrASXHssQufE<I(gGA!M2-eWQeD#3skb-
zE&A#zH)z&P(FNc?6;l%{TI}(k@>m>XBW21c3rvziuq-?D53xCz64W*l=9OJpY*XGw
zxVkp?!BH&Lj8F)zJr$@@X@{KWqa||M(x=i7z5e!JdoMSI<O-<_4UtyKKr4_H1QvuQ
zBXC{gVVvT$)0lC?K8o>%uI0HYl@b8mB0A#}0mL1lH&Tp4pCjaP<Qo>MbCq^F>Wok~
zwak;vOe#+rhjLSCK9%^Tz)V=)4ViWshIT*3x=$zw$apM(GG0)d=@H@+am&5MP_g1P
zm8xQ+_E~s|r%^D|H-9Z^B;Hie^N5;$eQmL#I;6D(=kH6!*$hsD&NHbFa0gWG=>Hyc
zfXUU$#J_veqIMw1*Eb6BgIwYAPy18)>v{5a`2Y-pJ2+$Vo4hg{C}qCxSp1aq2r^!Q
z2Vi&a<tsPXTDihHwxs_B0x!9M6)QuD1nO)iX+l;h@aZ@Vi5rpeQWLk&kEsnQ-LsaF
z6O&DKTo;^>RFv6&?f&!IO=EgcneKe0x|BLYvu#oZjOj;+Djo>}^;zCuahQa*z4<3g
z^1UnRgh`O(zwi_XkQ(c(FN1sxQvv0pKH_Xkn>I;jt{+Ywm7;F{a~P1}_7n<mwlg>Q
zZ9SG<yO(mV{%jg-YH=-@b}jFxp;vORyVYGj<p5$?{uU#Og(Pu_)C3(0N<U}d+R`Fl
zONvVIL`{I8gE;EMg;LLqf`MiA5YCynqa;QwL_u<8`DB_u6VQd@UWo2`8tUFHhCSF*
z6D$wuqO#x8|Bw+F2V@9?^liAjN66|P5zv1I%tIlhn6NEyhrkrhlmR4ryo(!_)ZU>;
zT*gBWi>}1>a2g>0kqvF~4|lEmyw%d#{2u@)I)L5$x3u5;s(zhgWGW>crbEtYQSsxK
z-s0BP!tvv6=O2z~`A2cC3O{vR6v)GL@AyeHwDS*}hL`cM=b1HdpZjS~H(YGQ{89zQ
z<(t7VS$c^znoq>$P<A*lL;<<e+r+rNL{O=-CA4}e_rVY3PKZETfW<@Icvte0J-G>u
zQrc5-&U3*WAOm+O2(k(ZDW16cGkx8J<gTFQ%NVDLd_bU%Hpy9((MYfW&)gZcdD!g9
z<Q7wM84&YisV$`gfH8i*;fQhZN5=rY+pk}DuSVT`4Wk&4HN+nkBbV1Lj$Evpui--u
zhma}Q{9(noWi^YV=4;9|d7^aiVLTloYBOyvmPSvn4IGMdks-F_G~X(+7A(IWkq%n2
zDVAnRACE@Ziv!*VgAl+}`wH&Ng0W01wwgvs9QgxEEN!)t%;HfsYS6l*Vv#f@6`ivw
zwPSa1wpD=NI4xwNuE8KMMv!D5$`d)wlD8&>C*y>of@6%#dZ#6pR7hh$%Z=`2r!w=Z
z#wvlL-{}++|H%}zO6)YrE^ZKtln5z@_9$V@vPD}8NWq>$6Pi#==G(*LEim}`Qh8rY
zafpS`*Y6nd>|+|b?w5^c>0;dkOr?g<3{<JOk{paGkD-s5B$}N#Fu7>LK-^5UC?o;L
zp>&8zjD{nK1G%zip{K9wp+7XKUZjW^1k&FGbGBuKGr5gu)?y{I@2j{>iH0q?1g1u>
zR@R2mwkAh{(&P}Pu-pQXvfN8gI<72W0=eG;b={cC>xl9<%DRPt5e_k%=(~G1pP{rg
zB1g)$SuS{M!i&I1Xllv>C5XpZd+dmdHIgeQe|660P!!kabk3~X0w&T<x6L8DVcW)k
z3DKUu3T^wy3m`>34M0zU`b_x?_huyS4bd2fn~76UX&ygLbPxxv7R*L(d=37m_|Lwj
zIg$E&9#d(b%;J;N%xk^s5ejEkR=D(4j8exRSgLpwjtG^{rIMNd1cTs{%#LPOUeeV;
z>at_>j=FQJQesH!hKTovh{Jw%qO()@=8u1Ob<&!DcMrrLj3~F8e|Hc5-L+8qclXaf
zyNUt-EDoaVROtELN>uBH70U;DYGMB>rc<S8dG&Hn&%eC*L=<_LnR(c95l~(pO;VXR
zN^7n8l(K5bOirSbn!H2?lFC@+G@{;1=`2Dea$LXT$P(mZ76ovYUbRWgqgck+g+RYE
z9>sy#Dr&zSX%o699ozXGLLn%gFUA%Y`rzY{jD-l^iwVRqNVkgMEjm!5U@@N({-IA6
ztp*0U4jj?=jF*wI9~hq+xjZ!^5(l#MQ?x!h!<udBrEH`M?JKDCCXyiTU}$>q)YmZ&
zx1JM<!1?>jtG5@&m!Cdd9$##we;$2j{c%3Hy!`q7#gX;X$=S)((RZH)7jG|%zy3Tp
zJvzCNbAJBzXmB;?gMqflQ6%`ZR5m(6m;OD<GtV>UMHx~1nkuD4m)fJSM+uR3CB1X?
zs!mkblEn(T&{$tyi1y35W?9v*vU(}UFlI8br0VWWT61NG48b)HF+VhC)pZ{Xq$OpD
zLNvl$HNq@szsAgREF!*<4uOFO43XIC6nb1bR>^~kiES<}UcONblT7ejA2UwzFjmr!
zgl__=pLXhzkZ}sJIA;QUgTVU;g_jdN;$o%+Gf95fl9wiNX+v1X`_)=sN#Z2Xn*eLX
z-pbT9i2^v7NhdZ=X9{zr$e9TWdiol6;IN&rGA;a@E{r+pZsjW&yNYCGTl1py>1u2;
zRbpM=n@owH{c4Py>O?vx{&NPPeoLyQX5(;T8{P%8wGHp4iESDGumAe5K1`maCSsk;
zjrKhjl3?DM2M$Thb3i1DO3TDiqK|V32ObGM6mgbw&Vh{KaoCH9-xGq~_A@hD4~BjZ
zh8*|IFPr^NXTYSLA-xo3&Cw=<kr4iPULqIgvov1l{<hR#_7F+{ktsnFtkc_w-ZCFk
z8F4x-(L&~&iHjnnYHP5?;w;c!zE`Q<LErHt{UYL<m&G#XD8JrHKZG0?J`$?F3v6;9
zt!t<{?5-$@1%sRrB356gQ?)9zLzj<Wp!T`K1t3ZZ6`U`CT4d0y^Es35_aM0_gO74=
z^6aQ!9Ah6<_<ku_ATUnAcJrPPoz+derz~^I!3%td#uWMzrv?4mGDyd=JDq7V@x0Iu
z0#!cDwfxp>*MAaj>%p|I8aTxs3I(4yB+-oG@q~l_>5*vmzrfzk-kzE4PDj`Cf%KA=
z*bXA-O_1qf3;d+L3-|gvU_(^s>QCLx|J9MQGn`35L)~VuvZ9-WebSG38U<KB#7smr
z-9=wIc8LziP#SF^5Kx-EscQkqm04TN*unPp-Q8UuN+|n;j<*9<i*28t93G!t9{2Y8
zJDtvlP(JWag6|J!#>Y}duY`AE(Zey-S1}xdJBr29+5(J>_#LFElblnT2{KS&>mXCl
zCSVA<gG+F7*#+MXE>AAEIzOLW{qX+775I5@aWOc%Iyt@s?=QgN`?I5ytCRO<m*D;P
zU~u-|;K!4*qb+lSq0f;_l}M<(Z((t*Gq-LtxOpCsNGJge$FUGK#^UxE>emmpO}Qfl
zbj{!j==8sODu3s4L&C8+f^7F#^^0QL+fwZ;4RH&Nv9q(Yv;XRq{O``rPX52UJNw^$
zwfk!S<=(4TyZgJZzS`N_dA0NME3nf#wvG}r4(V4rOOKUD?vWHLq{l%A01t9BCUkZH
zPBKSO2S!+*2nXPHuLGkf`E#$o(|^_R(~J}cU;s|>kU~0Br@As*2;L>LNGi*Q6bJ$`
z#$IxH)~6vbDqH}rGLHhqaig@DlA8}_0CR?dQNJ@GQ*;0pm$Ew86L6aj>|@y{cVR%F
z&$a_HCM-#PIED14ABE%24Vp=}$AeB!qt)qw2?`=aJ3YYBG!oKIrw2xHC^e*=p24&u
zK+#G>(OmgRm}44%m<Bbl>ZoRVY#nb%bT_|cT1T9&HrgFNi_ifG6dgOaS!zG@vVAHo
zm0JAY^2AtVj5+*&XLo-;&;R#d?L6`Sb(Ck%K#mhWdj{02NLz+JJlQ@x(hrTr{Wqe-
zLyRHT7xn)ic7r41n<KLYb)G%z*nb=Dr0!o&?Bk0mwf4U`!`SwxR2$LfQB7_zXaDc-
zzs~Rfm#_BspZ5Pc${&AhzW}#*dLUIv;tDU${WnuFE#3qjfEU|;{@Lk>YMl!ttz=N%
zl!2`@vf^%Z{`dpn&<kQ8fv#FVeQVK3Q*B>#&;=Vl_BiO?pjj7mzkmO}3%cs0>4J>_
zGY-1n4KBLk|Nn1ya})Ib{IesW`QwkCQTNUnK{Sb^>6aq^NIng@^d`uU100S|lrcm7
zd@LUp2?<Af!Ky|m^w5F!;hIA3O^($S-AK!-^uP_89e_Xn0MeWP&p$2CJEDWu2zlE2
zS)qB5anTc4QTZ~wub;GLdJ^M^A;3NOEhZf0zl!E4^v%zA2#+WH0PJ?mhhCA6Qv1FP
z9YqJLrK1`_G%?3feKLw3E_DpBD@3P>EAk_vWd-$?AY4K-vDv$zt9HvuD5!|1aKa;i
zegl2^CR~rHF_&NKagDy!Aqp7E_NvxPlU`MeOs{&rE9PEuKuh1gol~*br$<Em96$8P
zG$J7ic|r@Bpz57iv?@4R7xaHpB6<FcXf4f3UGQ~nI$0nXw7*V(00(bUkAp7gryr8K
z1t6>@5~od21axuMoX)z~)Mn#Jd%oH2>292+Lmo)tZscj9qF(i<nd#NDxC!n-h?O7T
z?oM`_>IEGV4mQv<;xlW~HuF_ML~+PRpbMiY=dO`7Iso6Wu08XG;Vk~1=QCg5pxGAq
zTJBmg|3#wYA^KV|ILYjEJ109T44inPWca3ImCK50<g|2Jivw{Ik${Y6KML-fou3I|
z>5Gy2$69-vGjqs2%;ro_!S!v<=I3qCy$Rdfg8#HvX6^mA{O)t?y#;q(?R}RUvbg7#
z+i`XFTg47*ZF8+h5K$wwAct5dWqV?XwZrF0A?@G)n%@6C7$xDJ>S_S0@Bh2Id#_*R
z@BiQKzk0g=ucIt*|F@#b+P<|qz){(D%q$$iakTv?J=X9jIXU$M1$+PGKiYlR6)S4>
ztZH)0T7R1(v43d8`D5C;Z+bBUl=f`zTRloUBh<Q^=%`YZL=?-gx{2Y=csKc&(O4Sl
zhOs|JykC!Ik#^Hf`pZy`q3JE6hh!Q-ia_^2cKds~y`66HtS?^&{mrC9d0vCA8glz~
zcZfLL?PjO7tZuipxzhg08u5Cwl=Eq>J6Yc@Jy&V0lzQ`(diwWo{wWXsHmA;`B>a^O
zYfhS}z0S2Y6areksWMgDo1XM3PR$vz8q}Vo-B)X0R4|HIs}sdI<Y*KJtTvmnTdZ@c
zH0lpAN&0z5%?UEKOD4x0KDt`PC##2~R*fn~SbmrV>mK-DOAqW~r>$_|r&(L~*>&;V
z;4sbGRdZL-A@myXo8`}YHDJsqgzD&Rji#`wd3#fNcyUyB0zK+Cn7`$h9*l6h>>Ev8
zNz3+TZE${~^X$}|I~ZZpp#Bu@v@wM`9BcFSSK79{Y5YMfZ4z?%OwI>`m=or~0MVMW
zI*DKdiS%XD=}h#S_6aLyZm%#`8gd+tw{Q1kl{u4JXizq-a~szu2LqhO$OJN%FVUs*
zrwLPx8F<-$`Hy~Q0Pf&S<#0gWO-b!LsN6kq$Yro~>59*BkW_ftf7#zrFAK6aYSE3J
z<t-fxJc(bJ4M5iY<Ig|403=SXee;A$fQ6YowhRkO(HMP}ie32*6hR-5kyOKu%3%P1
z{t1T2gE2#@XB>_bH~t%>JY-E>9D@IN*?%cc9~r+<K8@(glxZXAAvq%>5{G_QJ*DY)
zUc9)Hp|&ZSl3SS^0GS}&90p|koXI!*(>Qcd<Hd`bLbZ-vY{8n@57x|d|Jb<wxYPUB
zFPkqu{=a|z^5V}wzwUyK%=CbJz{#bIu?n=NUi2fEPt|IBXkFP~u{72Hsux`KeZRh%
z@Bj63_tkDr|GT&U>dF6qEv26RSF-sloqk0w0mW!y^K?!>B~^B~BoJ^WHouIuAQ;#X
zse1iR=L3Udbf65Cw=lrI6b6pP06RP2;7!47l2&5cv!*X&;-J3lGBGE~Z$C;aQUv*=
z&q)%JW@o1hx;k>H`NtWYqAuu;FbaIxL{;tW>~z!fxd7qrsvz8L0O4)|VF47qSM?jg
zq<dC`#6~MIwK*tKoPy1)QCr9a7shWmNi`(jlIr-9`O!cR=%b(qOv^qv6#$TtRa*z;
zW;(S5l`_YcIDB+GM!EDbH;I8Jl-!v^QjBX1p*?Vz{3{*rT!#zOZ?a2I#d%Yjn(y*c
zB@OSt5*$iHeQ_3S<0K4yM|&eN_I290{t5e_-<sO?hp#1!dQK1CfbPFT6F%V*9A8|#
zzffs><bKpih0ODCDrX_xzqw7W;wPxVyXAwv(V}GL$L_z2$sW_-<>(fLI>Ze{c5Wb*
zC&~^1HH9;=078U(C7AIEnwej3^yAY)1}NakC`qk={e4X3gH8Jhut~Ne-?Iw1IB4gQ
z^7gY7`JP&SJsEzym(WGmH&2WgK=GSgBkeDdsa9N&_bMRMx=q$krNz=z{!>|5T9yA^
z?f?JmeQS5yII`e({t7IezOlM3+OiYpUeEgOI!<QBr@IrcoleedXHFX;Aqj1YU;s#t
zrjz~cd+;IwK1E4>WZIl_dK?i13WX}5s!)%;=Oy`XZ~syLyNjoT{AXERRM7&R<VHIS
zmBbHCD)Rq)unm;7A^&+n2+#fGjQqnVNVNvOy1h3dMcrxaj*!V|rbdt~YjAW7f^5vd
zys{gcWN($tv(iY}2Mh^uh7&3e*CT6Oj_4F8>O64!;c#p#y|%@t+SNgOFQ^_2%*H*e
zJjvslFKYb~tiQ!@IiwLDBgSoTtO*|j|9=-w7kkdf6&+Q~+8*3E=6%O@zhmNmeqm<C
z^|7FF#%?tfYLeB7sLmvrWq48*4pbdpupOb4B3Xv+NM^Tisg0r}LiBtV$LcF)j6uBy
zCP?$<1y;z!?OJXa?9{*8@8!JWdcG{fI1W^n=xY5g2w8$Ba9X5Kn@n`LgH47uj{2Ez
zV`+qA08^Q|*ZDQ5BwqJlo-?#A7}hTXmEI8`cm%d>e^jfRo?MS2T8;{kIs?m5OiZ{8
z7b(EufU!CHM?y7Kg>AI{E`)3&0yGeLi8D4%>IGG^g}f`^X(w|1)~JhOA2)wH3vF7|
zyR7LYt!%de1}WV&@HEy22Q_im)Zl}_#-F);=sgrRyYuNhAZEQs`LDD5uN^zOC;)Bp
z|FaiG`|rWt;4%LHPM$9Qzkkz-R>2U4*MfFYqLL^=X@LvLG=*FiXwPckSq{P{=V#{j
ziP@&#@@b+;OplWBy)L<`Eus3Y{+E7tPAJdc>3<dNljoK-(&{raL<TkW&{V-!-M9U<
z7$^IB_blN7kUxpd0BjSg)57<%B<1?99-Q$k0WGI6VOdtZyf~{Y%&n5i%R<h^+-Zsw
z0#z3UCmfAY$<+BuAkMaPzSD`W#cOj3X}CK(_(@W404*&}ru|sA??=ZiH{n%2Xq6Y@
zgo17K$?3exTd7xWRqtA)2C!CMZP+#`<nL8sBI~_e+2ZxNekX&D>pE2BkdACMPq5k<
z1HM{Hzchx4{HX-M@nqMiG9BWCyS?@DccYj<e)z2T-V7&6wLIV#L1GnWTC-=sxpFDs
zR2<maGeGPELb!XkND+|t8L|Ys$r!xE#$axv&vh@pI&IrXw)~kzXxkMYGXL4xL#E^+
zBh$7vJ8LN9tmb8*r*;}c#^i3Z7Cz4ky>-NE`SWH6r0(dwb?j!y4H4!2DNNv4-bm;R
zEh|}?+&yK{O*~Fe<k__mb&dF}vVca6{keC6MtNp0d$cSY?o6!Pu150iR<@vhyPNjK
z6@CA#x)#R(Vm#N%te$GDab};kCf=-hHH>O*Db-drf$T@L08ZC_5fQpNfVv8yVw+#;
zvzF#=yd#fUABI!p_w4QM&*F^IRsPqZx|_8B4+ew%qW%B*;qyoN|1O>m_J2#3mxWg#
zja0xltKAMXwV38=4=4v=XEIKGJhMKFCMcc;Y@+D1;S>2@e^VaM)D~A_j=4@Zf?Bz~
z+FGLiaN&NToo=gbZ#wu}*Lxv}4*CgXiBYCw<n5SuRoP@7x-Hsp>jcfOi{7rN`ZwGV
z|71_s{a=wxr|rM}{`a7C|NHFG|L<;|4*UP>&#5U<ooE9|R=Td<U|{bt{k(||g_hsS
z-NcBWqUGB;q7+96d=YY35`x16`6r%U&PF5r8TkFOOs{}E)rDte%3ukmfZ2FGL#ABK
zbyXVGN^YcW6VL}r`QEbsosgaFiKxGgA>xZHvI9c|{2zSa|K_hgDVQN{G>hW}_%wqt
z9$}%Fq^X>2;C(=<ciEncF$Cl+b3tch>eTPbwMM13Sk;_lQvYpJz~{}SXe%vYDGGam
zcQ!J<V5*bM$=<>}&JA1=@6wH40I#8K#<^%%QX~zXn3ox?^a~+~r3Opk-Bux=B-$fj
zX?nHb%+R5FagWXnR_E8w02Zmx=}nE>h1i-k<W?fg>J%@&Nm{H|r4=>i)3XTEWQ7vL
zXj63FPW$Dlma5Hroy^8iPqFdRSDXzn+00@M+Q2c5tv0|m8G78ImSvry->b_)m2cN(
zrOIA6%~B__nw{lUYgPGEZq7uZCqlaN%q-@(Z<hkhN_y&&D?{mhY7*$TAIdsURK*6H
zy{+A0>svUeb#SQQ?y%d`9d$reYS(7a++p}B%aOS30aJyE0zs7Ql*J<|=+(8c({c4W
zQO_O7e_iE&6^*dT``^K{z2^s|``^d<A9wR~kpHvmUqu7@*lajA4XrpwrMXbO)bTA<
zW@opJI8x<7BK8l(Ek5w4i|o&)3*JIkeel}(VK<9Cd7G-JP<2Ntt1s(1VAd6|@%K}8
z7W1kIV2tM|F=~Y@jIFZlWzvQfFe>XZ>!Xn*NS3A~H|j<KbF=ZQ+d&f>vn@-js>|aH
z`91l`5Qf(`kVg3hJdQD61QLQDa55t66h_%HvsdFvoR*fuj^WAisHzCa*~?O)cm!^c
zs_x9t98nk-G0McgZs*3i?b~dZLQ4Wn`=;;QS!X9`1%jNekBg^^7Iezrb<`F6Iv~18
z_4(;8J)TPU&iT!n`aZEGECX{;eQcLSzuKlYpg9K2^s5Dd;;wUz7E5h9GKJ(CdyYy$
zd5xsovH!TS+{MOnjTY76fNv~&lW1i23;Ag~d&{-VXjF7?bgUA*J8WCQHEx>O65qIA
zxXy>=9>s`1!!$L{@Ron1faMtABtoB?zIu`YUGL)9%50{Kc3#T@I0*$5af;C#$-29E
zlvV2wrJx=y#glosq`FbDT)UiLSEDk!JP3Rptr)#`Q^FSGX9pEAwflY#_%TYxeBy(_
zo?JsB)=>HoxEj3kccb%|X8jVyg1$qtPt{63&9VxCn+c+-vSWs0%mCxEx^@#U6nd^;
z235YoMil7Fc-sG|I{R<8x8kN`qWp~acg3c(15hwN5+WG;6lWOr1MmUIF-UQE4MvzU
zp4X7o4uP6KBh{G#Rjmo=OaG#Lw-hj|H+rUdm3Io0h)grYsczJAf<AajNQ_|OcJ*O`
zWW**XLTv<WF&z?hH@8IBx%Hw#%qgsgGUCXMS;o#Xh@-rIof2(~?TO8X+IHR+pA7n?
z0A){BV5gA`L)B?cR25cTWKKs&%Yj^O7Q{Ochl66^>=Y_dsoJ2n&qe@Nkgynw%o4jq
zsyxOG?HTMoW%|pU8jL|NgH_!tKwdFSp1Va7dsa$TjRhIYf`Gx(YqV$_hMVLlin2}V
z^TIitv!t;XDpaDV=K-)Efb%S_-Ar|kVUbC4<cSS4XIEx`Ht2DAwGn>l_bC}PV_9f#
z0k+^EP&$G7gPE-4@5~!%9?g)d8&*#GAOIJVHR6TEEd_Mx8J~az-55?PV^lAnW_w-7
zR?0C79qPqXXYWt|<pYbk<>0j*|K(#RI~bp2kR2TZ-v?QcpXSZN&-qqROuV1HFilOz
zdKa_W5B5Nyr=K;}G+-#}M<t>Z&(RsjF$>0s|A-cUrDQ60b-Vly^FdJ9`mF;jS61qV
zeQ$Eu*A6UOh@pS9#A|s>SI(hvbhSLMAcs=diV3-%rNEzy<J(B;Pbv+u%801fw--dB
zi(JLAJGMnQ?F(kVwu}6@<Y0ucQfnuX{vQ>Yq>Zdqk#^x-E@pr9zhfVL5D}#ET<L8t
zJJi+tkBM)lX-01fx!0b+HS21HKIOBlX={aTegVV7XDA8nncMTWq5=z{PAGxH7)5R{
zsbQ>Ro15xlbe<U3%X5oOi}_QkDbI+M27M-VibSJt!0;`IDu~sN7b}7ylOU{=0j4~w
zetB))SELV7X<4cPv9y&<rGcr3rIN4R*s4HFWQE1Q<TRVfc1&&%1>54RIEm8<1cP2r
z{qxOiiYN}jpa-^RX<BaeMdwoa&9CEM*`9?Mm-gbi56~EWzEGF-Cvp4}=F&#xfBg8t
z!i5Zh{vw1o#wmEdZ0ETKCUr24iM)lwaBMOgjbc>EdexgwY2pG=Z)VdHcnw`vJM=rM
zV`>v@y^H#d7PlctDVk$4V`ZrU+Ttf$Mtf8(+jPczQ`kBR@NGhinQh-aF4sFM%ctaH
z`n^B*)A|076AH&@lkuN}!C|rf%l?ZOkM&>g<msOO#m**hsi*<Sn4ikMTa!yD8svc|
zS$ZycDPCcXw;C*)45lztuHxwz5=LqGwK@-+m;G{HmZC*hhwqm@v+H)bBOW(@)OblE
z_v!Li`qei2Brk%TCcT1b*__{Y8x{2U(f{b%84+xmqU~EH#8g98JDbOY<l#MC_y0UA
z!}2FU%l^N2xc8#y|8emAG5^<{Je~IcBtkT^C@O<(W}Y=P(&R{4k<tUWIXx<l0%ed`
z)-SR=L}3Rn-Qmr1<4C^q@iaDX?DQ{H)x+#hwu5<QKKTcn#=YvVA5aF6uKceoft!v0
z*xM`Re|~oO=>K&mPY3>2!TdN;`SN8bEhk_sba|s$>wCTW9YB$fzN#D}uKB)Mr8h~B
z^{?`qzWH&<eW7OHOuL>#YP^1`VV2{)Bd?SBdq_>CPV_k?l<P{as)MgzkDqK`&xR=E
zu|$qBI#_PIfBaGHV65KemKmLeLF?(DPr&btBw}+s_WzJ(??ALrLH}RBe)Yi@FoX;p
zJ_CK3j;?5+c{#&z1W+;ub4b+{nsP9K%J05)<qB9(%Vw5hy69(@!R>2N=*lvI$~V#p
zDvhzUcrfvY%n2>zT|Hsz3uz)eg$(_*^r^Ho_KR7pieuP^L~U<*;;On9+dvsB1JJ7w
zh~+<XyJc-JHNF`<KYB-$OwD1bR<L#D8ZU1$cM0{cPCQlWIJa1d+32e*YXt*8_r1})
zr>~uS>tlJ|@VCR?WliP6)k4-xuVyw<$!Evvr(bbNlPb4+isl$8PkfYcOtnh{8G)zY
zv8UQb32*{TG2$o9w=sDN@EHQfVB1_K<-oWUV!b#vpH-RSGGpvqtY3crs6LTBf(E;+
zy74tQv~GSKzYIXAZmF%Il7*zpPYe>0^mXfHNUr{(vf#UOjTQr!4yDIVS4wooD|&qC
z>B~#_>>WjOL>c-~{CIQ>^gnegm&)v>#YJB2(ln^Nbm}?RmKHe_+{J?Oy;-C6UNaqd
z7?S7X^AMh{^8XE_2~NhHRDf3d?_R0?_u%<s{qH+@I>`SY)Y1buBr~oHzEBd!G71Zh
zo5cQ%YIOT|aNLmo`+^YOwA)wqX4_0*5`pc^GT|G?V;@)vy?Z+QXE8VT7j+N(SDZw^
z@6(STqaU7pVH3Fj{P4(Ei9tV{T)a7Z^S2{#k<T7Ph@+6B2y6?H+)5n&_3M%NMYQ?)
zwYLMb$dP2VFH}N5bzL4W07YV&DA6u-a87Vk#<s2vmdXNU(m4zzb4*F10w<(<c6|j3
zjT=OnDMBHg_+*}zz8<A7M(JBEJ<E3Sc!d0$JRSFc%eQ6sw-7Q0lZe8W!=PpVf4(<3
zEbRZ!5BDDL|L)}Ju>Wf>AOud$y62hk@{&Q2sxpP85?{;sN#zukby#N{GKpU^M=s;Y
z?`jOoxqrA3Cc2$+`N$`0lA%+i{XUEzd<J!9{$PC#ts2*Om{obF2bptvK9UKWgDn4+
zP=VF}yi!`<k(zJq8M!QSEgiHF{!*dQ<UQyvOMz8Rf7<<Tsg6|JLJ!gK7l!CLMI-!q
zscx>(B2XU{dNSUEwjW`x8|5(!g)v>1HYrvRssx88#n>O2fwmY$Chu5#=A}l6N=oTQ
z3zfY3SkZXZ#Urvb-CB3Z3gY$K0L$%Q<#*M-jrj#k`yL>39Hgasd8XeA_et9yvC<u}
zAp^tgGmbH&3oA%K*|cR=20Wf{V{#+35cAi#xwW#2$sE$KUERaB(F(R>U<+~(Es80+
z0q1=x-YUk~8GCoZ6QQZgr90Zx!fVdWr_ych&F)sc=*usL>1T;muuX;aD`F<rfP2U0
zD0aRYH}5Ko_qupD-tcO@JK@|u3XBAi$qG6x@Pp?*dlD^cUgWZ><#gXXx_CZ5Yw3Se
zNHL6tt){>h{qM!$elh>!^Zn<K`rn;AtLT3}i*<kXa^u>cp{EC<`<aQ>YJM^TdOfYr
zjBz_UUj<4#X?*5;-5s3q$;wJ!p|5I{57KagISToVR$i(V0kWDGdz$e{z3N!#M;x@`
zgBrE*f)HM#I#TPE?~Gc}k2rpfn~BxOO#j^aeY^VF{QU(=V;o8nshdu@MY-1psuCAh
zsa7p^8rG}EnnwC!i8rhrI}o_DkwDsnvPv*+iQuX<WY;m$u7&2n&?`H*Z`uf9FkMFS
zM$HgKe|vlSs(_Ha`}h_w_zg&?VXAuSt7yLj5$0dr0-CB|YR1@~#gMbi3Aiy^&IW~n
zW#C@Hm}9!F=x-H6&XV11*o<Q)(P7<JG~v|svZevYbo;=~H}-bgg~uGB?iP(Vx5#eJ
z6xQK0`$X!(ST)~m*f1yfx5LWjV)i$=syX;AD{AkORV!xye!ph8wd_A68I!f`KZCtz
z2gUrq&-Y(E#(&(&vy%Nstoy5%|3T6CFPk?4X`*^KMj(5(^_Cz7_L{aJd#GD72$j*>
z%^;+|--toT?W@Kh)NICayQneav>KHPld3l=Jv4*RE6Cvxvf}rV{`sy9N|(sQd6Z2_
z>RoG3Co?{IozsfdPevCtW+?gd>v}TlVlT0wXwgM)!TP0a5H<)8(k!O8x<7$gOnqQ8
z**c?U{j?k71Z5SbT!7{FZE}SZ?Lpb(7~)Hq<nnE)%^0U!E<yCFeV-xT&(cb7&;q9c
zd9=MPD{O4e_9lg|;YQTPCE#AgCZN0hwry{E5*^lkRoh!lFYDUgbhi)O_O`TzrcQ#s
zO$*J2^_<!{w3%rvhFZZ)bE_uNCY9vdU7GdnqGri%-!6LJrkOi=*0TS}{QvENpl$wN
z&r9`xpYQEI#(&<)vy%O9aru9K+PvY<sU~s%W<NQ}TlM^sBixdiuZYZUMn3uVMofHm
zPb+$SIl!#!?`8M$=<W6B?N!$BB}e}Wj9T~Y>*eg656Y@^&z@e203ZFl?#I^Ddgg7;
z(zL0Aza8dPG%VTaw{2sRQ&@VnSG6xy_OY&YNp||cZA(iVG3rIP+caU^4tuR_xlnxd
zjr(&|i_zcQYA$ag%yz?v?Z>t1vyS~IZ{KVLYVrRX9G2`qhkK9le|Ph&V*fc;>wX(X
zAd93Pj3p?Csoorvw^`37WQ}z@hM{T%cd`yyU96b~rlO}x6H%sJX6<eDtG!pT+nZlm
zZs=$k!_t)+yo;(wt2C?x?qPF})|7IyO3c=)`Q_&IdTj-7Y$(M{84B0DqA_GGWG5=L
zS215b*N#vzL~%VDklodw&`6w1t-$S?7n*1GkPHp0iO&%VafGt^c1QpwPDEWSNW<B5
z=9P(U#!z4?9633;uhF7UMt$?H>0GNVoG&wr>&pKIT2+M?CmL#VgcUaN+C!yz2Cg_=
zP-1FoDpj_!#<9p#QHrdR-};qPuC<Ex?#<TJeu8$hM6~y39drs&wWWSL5NL6bc8A$&
zP1z(e-!87H1xvLJspn3oL7%Q2qie?-HdR?u>_{=I8Lb*RTGMi6FV@30Um0UZNhIvJ
z1T|viEgC~Ms~#*pqg&ZM@}|FJ7ozPuh?JGftl2=fz~-^EBr>`+ovJ=6w@hkDyL1Xw
zk9Z3^i7l+Iww1Wz?l(-umGjx$?q(yp<4#xXwWX^K?|1fS>FQfvrEdETlS}QKT1cjb
zB+>$#+w{=X?tbjY>)3xOitsXpAX@zY4iEPB3ijV;FCObZ-p%8!VgSAn3x7M|zlx?F
zjO|x~Q*ZW_uh+Bqsu6C-*jqy8a%Nfe*>V=yT8BHQlWVkKK`Pr8I+7(PAjSVe(R)N$
zjfu|b%=#plt8aW&3#s0Q&4q+X7hpSgev>7U3iI%*oG5y&UzI;VpDL$jOoMgi_FB1m
z89%V1vAEg`tn4HhVP+d2JE1BwA+{sQZn`vj94G-`7oX^VVd!MWC*9XmlW;qXGltGP
zf%zb;`Bvq^97F4P5<1wfx1eTo7x0^*wcO{L>@5GY0<|^x&e<*NZQJe^Tsv@QKRJ8!
zZ{Kj;W`<H5Y|~j?eJFG@K2`Uzre>x(eUK(6b>gX7l133zvtJt1(jub|&Rf*6HYSDC
zAN%#otiG|=tQqyE6BJ&v>=s7iTf#4Ue98<)nUd$s2CjG#Y-^bT{P!^!JnJpJ5|v`d
z8uVY;pJnW_Pad<WyT{jd2brs<&O*ON_7Vf=vY;!T9YtuH#Sc8H8{XzvLEbIQc;EWd
zxBjf7|Jx^BlNF#v|9^IPP}Khq2Zzre_5ZtgR#E@8IxN~qMSqCOy1tU#WqZlkrz9Ee
z?TO80yD0KyMStZ_ex0tLIWuSxslT_U#pIgN2Adsikd3yC$X6%nsj|nFxT%^#xdd`y
z89-_s_GXsVMviwAUDlctBZ)|;ld<j!CzgZ~EZ{VDq8)Q(ug0E|ixsu@l<ILA7^4JH
z$WgSre3+%K0^c^iYNqF=fr%i8)kD<#JuD&D=SP*Q7#(ERF-Ku)ryhoraY<dsX*kFh
zx>hgJHS#OUOD`whW>jWM&Np&<`<!a$;ulL4w6f%M(YM>?(y;aCBh%b1(-c&VQtzPe
zPR}%z1#qqTS%zdW!&GV@qo4~@y1Y}gS*}{BJ?FT(;7TP@n~7OAD&M#5PJy2*KRpwK
zY5h{Z?VgwJxu48o7BMQ=K_6vKlQH6_GfGjC8x?)OXt;q%l<gdP$0*oO%t&=ulOMe!
zuao(ENNp#{8ZdGl2E5DF<xn+Iq<!=;`Is1Q#P8V0q(akCgDc3z%4rM)y&6X^*8-rr
zfBGGJTHe;O0?jarz|($Th($u(I({OW>s>%V0h1^YT3AjR`RZH083dLv@i6q7rR4u$
zg5oJ2CxoI^#%PiM_nz+;>;LW@?!9=F|L@}20_Tv6or($CR%<MdodgVLIF7_Fp2F}N
zju8vIE%0uF8DO(CC6qJ3CMb@j&kLAB9!_vF-T@TFkmI>NHuK+M5_wx7L1X15y{$|W
z+8Y)8k6r-YCh-E0M1Cni0x6;(#t90%;ML`Cm*SA~w!o<*O7Q;l5=59XFBoIKEB~v&
z_k!WS=&t;)`C&5N75_2+Wb<S<?`R0a>scywALe}@u$$ETJ{ZDl@B4sHQ}6r#=WT)a
zkYX}p;Oy0F<^?GwzoU?Q0ge#dRqZJG-3#U{BoW&EhO81x@&Co^lUF~#4yMs+V>I*s
z;oghE3zz=~FJ3%*%>Q#I&lY%zc><@{aKle{NQKmLDk#A7PQb5!NAcAC`JdYp&Qo@@
zyDJWcfK7HI60%)RQXI0~ST+4k)6kY^)06h^F(tE9Y$=MaKupFs1VhAckl1iEAnLoo
z^R~9YyPy8@>caD`uC9b+?L{a>NraLRBQ3p)v-L>#C(n6pN<9LD;B)ZVc-;_&IiZUq
zU;x*H=rMzkOn3F)VlX-45VDE)1PJg!Ht+(>QX!{itt4D9#qZ6y^MQAbljsNt4IYnw
zhN(A2917`KfUE$nP?^LF7K~<btb8Hmjkft}x=^AK@c)kDn1Bz2#*wdp*xCYT38y5Q
z$!iGDlbf^>L{duTI6@3SgL7lc6Z1+DW#DFl!wCpsB19l*{+EFca}<*lB<M!32bc-L
zT2Vu3{d?w+08^O2F`|Lzy>yn-89?s%zy3HIBABKu@9kRu5=3aet4Jn7X-pPVAsh-}
zRdp}_Nk%|Y=Ber*Cm@Vxj3cT^=bR#`elyGw^SnL~<Ix0h#K0gJ{MQd&Uv+R0><4>4
zsBeT`h(sR(iwKNJ9FrR{Zw`ksl2@+kR>5Eo&LNKFJFP5f>epzME+ZjHkyNH4JQ^V>
z=rR;4r9}+81x`jIoM4UxpkD-3;^e~-N;n>2M1lQ$0k04XDVCZQSo-+_UVlzeC^W3I
zB%Sg054<n^=BMrbrat@PeF0aROJIhnAR&=Z_sED}fiK_!@fl431mXuE-f5&Rl+K8&
z(Deme*)GX{ef!qewh3lTb^gnf3t#;A|N6Zv&<M%|(#Qct{BYNxq$Dy(DPbigk%44a
z{GD)I1z844NTw-CP{K2Sa=XfvODeUXD5R9Ia(kdihB}2Q9O8IMma1Tum3VCVr-~cf
z8E$=6+Qb0%YKIn{1F?PUWALgtUA_8Zhvbk7z2Dl7&5i7~I%C2Zi#^hW?BEeFH}uvB
z05hq#GsJs=pp)QA9R)xW2B?KIq$K&B41@gCzN&%~rYR*U#nK9zHI=85>0yO+?*M0h
z_7y>07EY^&TZEHw$kAvPGgJh0Svc(;ZVyhJ$hej@*4^~b4Vhixq(c~10NDY~i<c*-
zfFed_G(=s%?Z`(_HJD4od3y0`1!Q)GGbJ$&7geAx3#T~AP&lKQFLY<O0cV2v4WZZP
zWpI~;Q}@sf#?ElU6kj4b$01sEUphHIGd<kmx=&KLCVl>$Q2Z~Fa2SJg5`mK$CoF_<
zoA}Um|J3$0p^dn}8aSD9g~96fMCwpdb(!a9;X!clLpNO3!zo3m*OU_4NqD+-scBPB
zXI*HyUOUKdw=TGC>bV_2ZB{^%&VpGwrZ7Tzw1T?96MNqo2RAs50ZQ0R#$;56oQ&}t
zCCYStgXAx&OCeE0WrYa9*$7<acZQ0@uZ$?E?&7c>jZY}K0Wbj)KxuuDzcWr!#fA!E
z0HrD)<hn|6fTGujd13i{WIqjhz*TKDH=a%5xLuXGE8D=zPaBWil}Tac$EI8?*F^na
zr6eiN6{JXKG>c;(TS^OHc?C4>$R-zra6eOejKdP2AT<{7O+fXNs~x})0>7S_&;Gf+
zCEHL!crSB0W}MDs>c9Y0Ody@bv5HAxSCtcZMZ#-D6%B$5G{%h61<+v(Z{QR$upOb4
zq7ZTv9f<=9xI<8sM2Mc}0|A^cj$qU)Og&?k+Sw0w>fi16a@@FyL9VJMUV>`%>6_##
zd9WDEOs#D5ldReyly1_^+HoI8_TB9^8+*E$X71x~|7HY={BamkE7n68UZW(ss#pT>
zH|_2OpkYi+@<4wDP$C#p-PMR=pC~pyIX}xJ<!;MvxRxnp#W<o7;%C2|6X|d^gw)rY
zu^94K1De?u#n=hqI7IGshq8bLnCuQ?GTz<a8~oSq-izJAf9}E*_pPs4A1D1me{i^K
zZR?AK!_V2ZLWmfsLaNa(&LN+?Tcqg9n&3Ib31=pfL@OAnZfM-VvMYZSZGe|5RE`J!
zG$B<l^l1zk6DRvs9a3?j;YN}BZ-UeiQU0^KLA*epW{B}zt|}ol(*wj;eSPr=V3H87
zLwy9Fy!+`AFg#9lJ3PXnJf`K%9OCBM&hV@KdB*<Mk2PYMu`K2dE4HvZL8_Dmeu6_3
z-<GyeH}ncu8k;?}+Ab?%i4_xg6}c8G>pH?T0P2HIIA}KeXb7ZJlv*RPU8uhRCsJ@G
z3Aj>r`+%h=3>b=0$O(175<0~dn}=?jt0sevlvI}!4>v^_t6y_%iZa@0LU~=Njk^MN
zfo8EiB$o4X78fa2>&k2gqQ%=eq7+ANS8X)m`hB=o%2SGzz+>*hM6(6>G=s5NxCp>B
zm9RCMQI~^2{x^joa_$>W;+Wj%5KHA3o3+zvC5f7Jgc=B?8xCwxEF9F$9l%IRd+Ly7
z9LBNSf}b)A*5x3OOIy0TRA0%V(s;&JlO>xtQ){2iytyV%euG+9$ESH?S#v}A2KB3s
zkIfCrvEJSnE%mFoA8IfB=Cv`RR4G+>g)~*nlc6_1aeiISMlzn+pDwaLZCi*mhP`&a
z|L69W>5%Dc92I7<O;BG6eb;D_UF2lw)8Q7^sKW)_TIkEN2}||$K5^7ELkoTR6@U`z
zuPV@&MF|lKDB={OIg-BPcm!Zf5sVfflqW|N*m}GZSk~8BCtVByUwchP?_KvRgJd)I
zz%T!{@ArToqh!n{J{ar)pK(f(ah{+`?EiWg=kJ_|cYykS2dHnQtf$(Z7`0L9FC>fI
zs-ix*qU_4KMl?ASAV?{iOPBU6ip-$apig}tfL8QXdt!Y{k2!}qp>T{g=Yx4ahwkP)
zH}B`vbBI|jNf5@6+2(oMKChPzNYhGAt*H>x7)MEnsy9ljLB*BIdH(jF+gn!KnrjtF
zLGMzPmUdIJ+yj={HY9F6V8P0!L!QQ2QoSTXRFR_ii)A6wGMH6th7c$D?T>RWJgXr^
z6%y#40$H4I7GDh5gv{ayC=gVl9y82Nrc{h5`ZPlcj~C|S&`~<Bo?MAjQ)nZaYJcIl
z-CA_Jw?!Kx^d-y-w@7ju>)NKhibz{^s=u7!I07h{V@i^#3ZSJ}Mk7c8UAaU+B{Fn$
z2U8?l6?5O^kS|Z85VM<^%cbg0RR{|+skESxNmLGj&a}`XxR}}LU*#Zu^P_vkTAW59
zT3m^!Jl_jOluR?@&=nxV-%-f*f?&>6{&~nJou+Z^Brs9`>LPqqPUA<k5R>=`GdpB}
zff1&RTT>7a%fKC|gYY9gRYG-Jtq)3JS&HE?NJ!E*t?g-)h3adx7`T&@qIA{t^se<j
zkNsc4#sB`@)gJKKe%H?mp%3>jIo$X759qNsmX?$p_T}>uNoH=7=p4ChspL>WvQ8?R
zD}9>n=&N6$*JmjsTz&p50U>14*0#vK8+WYGL*<M(&V3>#<i;GE)=?UOOQFoXw^K{~
zb9>9ATaokZftK}i^Bi4Ot)FR9pBxOFaX|Ii0s)&qA;2o%N?B7_x?E<7bh@nHX0mHt
zEr+TH`LwNHA;l8YSD!La*e0hs4_moHKZ{;oy)5K+Uwv82(wT;{pL1P9s?)2ScQQ{3
z!$8VpCUvDDQoi#79%+KZTzd#HKoXr{X+dTR0W*exhC*vi<_1uq>6Z4Rw)Jx|NwLhP
z+;RP6CFM=6Ugi49tWfv7dIE+Aw02bmSFbv+omFyoBMVqwJF7<I{Vt$Y?&VHav1R=V
zH569lJ*#5ITI*L{H<kbVewWP3zI-=4x5T=IkTIA<6gq3yb=^))FB{r7%j=iHdCzN@
z!EsmX*mmZTWK7nVSwt_dUT%Q%K+_^>VDJ0rQ&8OP;U`ToA0SO|GH$oSEMaq5%Pi7r
zNLWH?UrVpIsrp7^C7>jZaWZ}f$KvGI$O3RkW?ZM$(JcUnW4Xy^@jO@E<9ocVEpVBl
z5W^T?i9r@l&=fK&l1y}!r!S&9rsc>3fG<*XBs#>&*aINSm+Qy`!kFe(dQugagc*p5
zi~;fhK%e0>jnNT^<W~VEo@ZrZY8mPxYbgmikDRi5))||2lQB*{dme}5wr*8F9FFa7
z2EpJk81y4F#4za(_WJbj!1K~s9IH_5woWCoM+*Q|_vhJ%S=9t-(0+On-@pZX3h*e0
zL*VSG3=-l`cU1iYhPZ5gHhM$&IYkU5{HcORJBsB1K}zAm0|0ZR^4T^+YSOXB3&0G}
ziRuK9Q4YQd(%Q~zMmzCLf#*eNIJ3|_RK+Dqs8Mq<(aUnXlDk`sucZT_pl<Y;QwVS}
zB6O-EB~)%OW-pQ|J0WQMBvEdDNr-f3Lv-YAWn^hn+?JF4%cYksf&ZG--vZY11A8UB
zEuf~ZA<`+hwt#hCoO6~gDbk83Q-?#f2i9$KU?V}`(ew13xV-Leqs_lf2vezha{xJb
zPvY4Wxfka<;A~`Q&+q#?z#is}%v$FAI;~ZNnShglXdw_9syt&16S1*55c_@K^I#Yv
z#(pLdY6JH~wggiW<)tfY;dTbPKrs41F-LFZ0x<lq*1<0Ezfgw}{_}6x^HRtsZT+6>
ze9^;vAtR@!EY(~SIUCYZi@xP7hr;U?un=27z!s1gkU($An<i`6jAmUgu$*jVlDd{z
z+WDM~^O*4kv?n`V=-#i<;%AtqIFZ|i)0h4|O9iO<)Kb7TT4+Dt3TJHb5+`*)DEQUo
zTO+bnR=y0>Enow?1wbZMibkeL(~oG8p;F*dPFMgo6Fb!h9f>Y;a|4DFhGkk*$%|6L
zw3FN6B)ja~0gOx$;CPCd=->t>k}1dHYZW9w)xCa77{fA+#6k_L-JmgLMQpGjU)`;I
zC*Re$lE3%+{pw7H8Y`=(F$6l4LY+`BO_%>vE#cb~ewv{y9b&#3fBa$jQ)t2e3m6_g
zLrItw|Nr{cb0!_7aX#Z92z0_~l+2GjBT1UnlIJIvmml6<yz+7(b8aqvk33uURH&4t
z%SP^-26Wk;wpq&YIxo-K3V%;@4s!dsMvKM~udN*C%MNHRptBNrU%yKHd0Tb@e2LZq
zN4d=3#!bL6!fOV5^Y-2A%Yc7Y`&390Mq;#1sgb?CyDc`dH&~(E$ddI&T1(8WU3f&U
z&DluoNFzc+adHxt-S?>DPG!&#dzQ?UfsoqDV2mhd&a&yesybc+2>BOG7rK6cOuAlJ
zs$<{ZDPZ&1_a)6gEi_#+t9x;PCx+F36I~QCz1L@}_cFdipHo6Pu(~;ZvVA=pqL9b(
zV^jU1pU0(`z@D5MK%ao$8A$|q$NnFI*z*F54!`<hgM$nmJ_G%z=T)I#uo4OeHVOut
zLBZe_P%tQ>z@)+b#Uy;u&X@!Yg1unR^L~AsfH!20rb9%*;9v*r@9ppH=p0J>CIA=Q
zKp8VSl?u`bCzwr8l*en2F`vwaGFPx5UY$dDi*d+jtWQRLK0$q*8@#sz_yjXBg})PO
z=V?-*R7^}*i!gZ{>jWla#Kid+W0i+jyw9`TYA%y10w-cyAT%XeP)43!c7!0GQPEWt
zsnoM-ss~DjlD!B{)IzUx>&b@FGXR(~6pw^j1!)#wWl;9|?N5Q{egFLj>GP-ozd;lM
ztaA|~T|cCVg#Y#Z_ny}W=f?kB|I8FRFtg_?BkWv}<O*z?ATNQ2;Q|Z^pQw-a<@62=
z?yZi*%BsZ8a{6wc`{h1WVqid$c+m^MuYX4rH7C6`$*u(nz!d9ADQB{t)O$mi2%3t(
zlt?V)+O9GL3G80k>B^MXp4SJz2rMW$NM{$mD#0{A2pq6R@YC*=Zrzu_^);2ZKqCfx
z=Ms|&I7pTLYozV(C1T}y|Gmte4<?X-p^)AQ)!wObI)OvPaVQx|intRpC1aEzvGO-?
z;h0)Y#%L?8vmmikL8uX;Ix1Ucc*;{dNhZM=87bmA)20S3Ih#yPg|^B`&kBW*@gs^5
zOqOcRH#@RF<$jwy<zOT>E|@F;W^9Jo@<S>aU2~D9Qx>8GQcSXxrdd7!$lR|Zf|wZI
zY*>aHVX_eGn1hkeLix$Nyk<{L@r(eQHNov7L!TrRjSw~4)URYT!qVs{n?)p?3C%{X
zS~Ks=_kWuo{5Hj7wZywy*`NIxL;Vmk#Cn=b^s8j77SGIq6EHsz#PSP6qgf1MoLn<S
z3ua_7qLc5P&p4qN#%z}&M&dc@3*h$Ue-HX8VZ5IMqSkrW>Tj8uR5X`qK2!_T7jux~
z_2>J2PV}D#yYe*q35O^Vn&c@-7pkD_e}p7m{6(Bz`-WRQPq&M}EQxeE)RPp36J&bW
z0Vb#6ey|6&MFU^I@_T>r1ieh*LXzH0`W#`VI2wHpQ7Sn;B-1p;N^LfWh3+Eo{-HY{
zLk=aA3n<O$rdt8Xm6RaxakRU8b8{0w31vX&csEw9*zQkfr?1~!zV7dfWBZpRMvUbL
z<Zz+R#!w|=hc`g%9%G8su8tFMLot`tMi?3K8%U8CVa6#Q&bWgh0~Kb#ZXh<}1o$VH
z;Ox=|FHbJdE_b{SXYc<0_Lq0y!^y?P$(wg)uP?#d3vl}O&8xF_XK&wJg13JKCvW}%
zemr~gY6l>!40)eZnNNaHfT!{}54=mA9L5ZuS?{GO7Kb2)$#@3G2#m=bsY`+s(J5x?
qfP_ip#dwNMeu~m`f^Vqs$m8?)JU;jS{Qm#|0RR8sy?z`3CKmv;g;Wdx

literal 0
HcmV?d00001

diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md
index bb823c254..2e48eb2d5 100644
--- a/charts/jenkins/jenkins/CHANGELOG.md
+++ b/charts/jenkins/jenkins/CHANGELOG.md
@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.2.1
+
+Update `jenkins/jenkins` to version `2.452.2-jdk17`
+
 ## 5.2.0
 
 Add `agent.inheritYamlMergeStrategy` to allow configuring this setting on the default agent pod template.
diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml
index 6032fa171..b817daa1d 100644
--- a/charts/jenkins/jenkins/Chart.yaml
+++ b/charts/jenkins/jenkins/Chart.yaml
@@ -1,10 +1,10 @@
 annotations:
   artifacthub.io/category: integration-delivery
   artifacthub.io/changes: |
-    - Add `agent.inheritYamlMergeStrategy` to allow configuring this setting on the default agent pod template.
+    - Update `jenkins/jenkins` to version `2.452.2-jdk17`
   artifacthub.io/images: |
     - name: jenkins
-      image: docker.io/jenkins/jenkins:2.452.1-jdk17
+      image: docker.io/jenkins/jenkins:2.452.2-jdk17
     - name: k8s-sidecar
       image: docker.io/kiwigrid/k8s-sidecar:1.27.4
     - name: inbound-agent
@@ -22,7 +22,7 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.14-0'
   catalog.cattle.io/release-name: jenkins
 apiVersion: v2
-appVersion: 2.452.1
+appVersion: 2.452.2
 description: 'Jenkins - Build great things at any scale! As the leading open source
   automation server, Jenkins provides over 1800 plugins to support building, deploying
   and automating any project. '
@@ -50,4 +50,4 @@ sources:
 - https://github.com/maorfr/kube-tasks
 - https://github.com/jenkinsci/configuration-as-code-plugin
 type: application
-version: 5.2.0
+version: 5.2.1
diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md
index 7d06c93e8..24da47d2d 100644
--- a/charts/kong/kong/CHANGELOG.md
+++ b/charts/kong/kong/CHANGELOG.md
@@ -1,5 +1,31 @@
 # Changelog
 
+## 2.39.0
+
+### Changes
+
+* Updated handling of `session_conf_secret` to accommodate Kong 3.6.
+  It can now be omitted [when using OIDC](https://docs.konghq.com/gateway/3.6.x/kong-manager/auth/oidc/migrate/).
+  [#1033](https://github.com/Kong/charts/pull/1033)
+* Setting a Service's `servicePort` to 0 now disables that port on the Service,
+  for use when the external Service and container listens should differ, such
+  as when terminating TLS at a LoadBalancer.
+  [#1021](https://github.com/Kong/charts/pull/1021)
+* Added an `ingressController.admissionWebhook.filterSecrets` option. When
+  enabled, the webhook will only validate Secrets that have one of the
+  recognized KIC labels:
+
+  * `konghq.com/credential: <"key-auth", "jwt", etc. credential types>`
+  * `konghq.com/validate: <"plugin", "custom">`
+
+  Earlier versions checked all Secrets and did not require labels, interfering
+  with non-KIC labels. Requires KIC 3.0+.
+  [#1061](https://github.com/Kong/charts/pull/1061)
+* Add RBAC policy rules for Custom Entities
+  [#1081](https://github.com/Kong/charts/pull/1081)
+* Bumped default `kong/kubernetes-ingress-controller` image tag to 3.2.
+  [#1085](https://github.com/Kong/charts/pull/1085)
+
 ## 2.38.0
 
 ### Changes
diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml
index 3805e9790..ce2b0fdba 100644
--- a/charts/kong/kong/Chart.yaml
+++ b/charts/kong/kong/Chart.yaml
@@ -18,4 +18,4 @@ maintainers:
 name: kong
 sources:
 - https://github.com/Kong/charts/tree/main/charts/kong
-version: 2.38.0
+version: 2.39.0
diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md
index 3c5f3da05..b6d92c1b7 100644
--- a/charts/kong/kong/README.md
+++ b/charts/kong/kong/README.md
@@ -751,6 +751,7 @@ section of `values.yaml` file:
 | watchNamespaces                            | List of namespaces to watch. Watches all namespaces if empty                                                                                             | []                                 |
 | admissionWebhook.enabled                   | Whether to enable the validating admission webhook                                                                                                       | true                               |
 | admissionWebhook.failurePolicy             | How unrecognized errors from the admission endpoint are handled (Ignore or Fail)                                                                         | Ignore                             |
+| admissionWebhook.filterSecrets             | Limit the webhook to only Secrets with the appropriate KIC validation labels.                                                                            | false                              |
 | admissionWebhook.port                      | The port the ingress controller will listen on for admission webhooks                                                                                    | 8080                               |
 | admissionWebhook.address                   | The address the ingress controller will listen on for admission webhooks, if not 0.0.0.0                                                                 |                                    |
 | admissionWebhook.annotations               | Annotations for the Validation Webhook Configuration                                                                                                     |                                    |
diff --git a/charts/kong/kong/ci/.chartsnap.yaml b/charts/kong/kong/ci/.chartsnap.yaml
index 110e0b269..b5a7c27fe 100644
--- a/charts/kong/kong/ci/.chartsnap.yaml
+++ b/charts/kong/kong/ci/.chartsnap.yaml
@@ -24,3 +24,5 @@ dynamicFields:
     name: chartsnap-kong-validations
     jsonPath:
       - /webhooks/0/clientConfig/caBundle
+      - /webhooks/1/clientConfig/caBundle
+      - /webhooks/2/clientConfig/caBundle
diff --git a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap
index f7853bdc5..748bd26b8 100644
--- a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap
@@ -1,371 +1,367 @@
-[admin-api-service-clusterip-values]
-SnapShot = """
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  kong.yml: |
+    _format_version: "1.1"
+    services:
+    - name: example.com
+      url: http://example.com
+      routes:
+      - name: example
+        paths:
+        - "/example"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-custom-dbless-config
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-admin
+  namespace: default
+spec:
+  ports:
+    - name: kong-admin-tls
+      port: 8444
+      protocol: TCP
+      targetPort: 8444
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8444
-                          name: admin-tls
-                          protocol: TCP
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        name: chartsnap-kong-custom-dbless-config
-                      name: kong-custom-dbless-config-volume
-- object:
-    apiVersion: v1
-    data:
-        kong.yml: |
-            _format_version: \"1.1\"
-            services:
-            - name: example.com
-              url: http://example.com
-              routes:
-              - name: example
-                paths:
-                - \"/example\"
-    kind: ConfigMap
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-custom-dbless-config
-        namespace: default
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-admin
-        namespace: default
-    spec:
-        ports:
-            - name: kong-admin-tls
-              port: 8444
+      automountServiceAccountToken: false
+      containers:
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8444
+              name: admin-tls
               protocol: TCP
-              targetPort: 8444
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: ClusterIP
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 8443
+              name: proxy-tls
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 8100
+              name: status
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            name: chartsnap-kong-custom-dbless-config
+          name: kong-custom-dbless-config-volume
diff --git a/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap b/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap
new file mode 100644
index 000000000..3b49062db
--- /dev/null
+++ b/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap
@@ -0,0 +1,975 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
+    metadata:
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/nightly-ingress-controller:2024-06-09
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
+              protocol: TCP
+            - containerPort: 10255
+              name: cmetrics
+              protocol: TCP
+            - containerPort: 10254
+              name: cstatus
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
+              protocol: TCP
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 1
+            periodSeconds: 1
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap
index 70b631e1d..7ab6423f2 100644
--- a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap
@@ -1,920 +1,983 @@
-[custom-labels-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    acme.com/some-key: some-value
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        acme.com/some-key: some-value
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    acme.com/some-key: some-value
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    acme.com/some-key: some-value
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            acme.com/some-key: some-value
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            acme.com/some-key: some-value
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/default-values.snap b/charts/kong/kong/ci/__snapshots__/default-values.snap
index 0733fed1f..1fb080f57 100644
--- a/charts/kong/kong/ci/__snapshots__/default-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/default-values.snap
@@ -1,912 +1,975 @@
-[default-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap
index 3de415c6f..0907c01a3 100644
--- a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap
@@ -1,941 +1,1004 @@
-[kong-ingress-1-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  name: kong.proxy.example.secret
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-        tls:
-            - hosts: null
-              secretName: kong.proxy.example.secret
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
-    kind: Secret
-    metadata:
-        name: kong.proxy.example.secret
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+  tls:
+    - hosts: null
+      secretName: kong.proxy.example.secret
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap
index 456a42147..cd6c9e1db 100644
--- a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap
@@ -1,943 +1,1006 @@
-[kong-ingress-2-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  name: kong.proxy.example.secret
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-        tls:
-            - hosts:
-                - proxy.kong.example
-              secretName: kong.proxy.example.secret
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
-    kind: Secret
-    metadata:
-        name: kong.proxy.example.secret
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - proxy.kong.example
+      secretName: kong.proxy.example.secret
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap
index 7c37f2363..2c57a46bc 100644
--- a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap
@@ -1,930 +1,993 @@
-[kong-ingress-3-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap
index 0a8f0fb27..c960594ec 100644
--- a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap
@@ -1,983 +1,1046 @@
-[kong-ingress-4-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  name: kong.proxy.example.secret
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  name: kong.proxy.example.secret2
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-            - host: proxy2.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /foo
-                      pathType: Prefix
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /bar
-                      pathType: Prefix
-            - host: proxy3.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /baz
-                      pathType: Prefix
-        tls:
-            - hosts:
-                - proxy.kong.example
-              secretName: proxy.kong.example.secret
-            - hosts:
-                - proxy2.kong.example
-                - proxy3.kong.example
-              secretName: proxy.kong.example.secret2
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
-    kind: Secret
-    metadata:
-        name: kong.proxy.example.secret
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-        tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
-    kind: Secret
-    metadata:
-        name: kong.proxy.example.secret2
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+    - host: proxy2.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /foo
+            pathType: Prefix
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /bar
+            pathType: Prefix
+    - host: proxy3.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /baz
+            pathType: Prefix
+  tls:
+    - hosts:
+        - proxy.kong.example
+      secretName: proxy.kong.example.secret
+    - hosts:
+        - proxy2.kong.example
+        - proxy3.kong.example
+      secretName: proxy.kong.example.secret2
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap
index 4eb6e9861..3cd488adf 100644
--- a/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap
@@ -1,912 +1,959 @@
-['kong-ingress-5-3.1-rbac-values']
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1.0
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.1.0
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap b/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap
index c53f0066f..9cb18f784 100644
--- a/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap
@@ -1,908 +1,971 @@
-[proxy-appprotocol-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - appProtocol: http
+      name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - appProtocol: https
+      name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - appProtocol: http
-              name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - appProtocol: https
-              name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/service-account.snap b/charts/kong/kong/ci/__snapshots__/service-account.snap
index acfde1ef4..e1fa460c2 100644
--- a/charts/kong/kong/ci/__snapshots__/service-account.snap
+++ b/charts/kong/kong/ci/__snapshots__/service-account.snap
@@ -1,906 +1,969 @@
-[service-account]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: my-kong-sa
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: my-kong-sa
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: my-kong-sa
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: my-kong-sa-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: my-kong-sa-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: my-kong-sa-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: my-kong-sa
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: my-kong-sa-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: my-kong-sa
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: my-kong-sa
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: my-kong-sa-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: my-kong-sa
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: my-kong-sa-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: my-kong-sa
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap
index 2f242db10..0eada3ee6 100644
--- a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap
@@ -1,912 +1,975 @@
-[single-image-default-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.0
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.4.1
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.4.1
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.0
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 10255
+              name: cmetrics
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 10254
+              name: cstatus
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.4.1
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.4.1
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap
index f16c309cb..6e2115997 100644
--- a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap
@@ -1,311 +1,307 @@
-['test-enterprise-version-3.4.0.0-values']
-SnapShot = """
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong/kong-gateway:3.4.0.0
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 1
-                        periodSeconds: 1
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong/kong-gateway:3.4.0.0
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong/kong-gateway:3.4.0.0
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 8443
+              name: proxy-tls
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 8100
+              name: status
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 1
+            periodSeconds: 1
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong/kong-gateway:3.4.0.0
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
diff --git a/charts/kong/kong/ci/__snapshots__/test1-values.snap b/charts/kong/kong/ci/__snapshots__/test1-values.snap
index 8f5070eb0..a18b03401 100644
--- a/charts/kong/kong/ci/__snapshots__/test1-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test1-values.snap
@@ -1,999 +1,1062 @@
-[test1-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        environment: test
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_HEADER
+              value: foo:bar
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
+              protocol: TCP
+            - containerPort: 10255
+              name: cmetrics
+              protocol: TCP
+            - containerPort: 10254
+              name: cstatus
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+            - mountPath: /tmp/foo
+              name: tmpdir
+              readOnly: true
+            - mountPath: /tmp/controller
+              name: controllerdir
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://admin.kong.example
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://admin.kong.example
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
+              protocol: TCP
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /tmp/foo
+              name: tmpdir
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://admin.kong.example
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://admin.kong.example
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+          volumeMounts:
+            - mountPath: /tmp/foo
+              name: tmpdir
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+        - emptyDir: {}
+          name: tmpdir
+        - emptyDir: {}
+          name: controllerdir
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  maxReplicas: 5
+  metrics:
+    - resource:
+        name: cpu
+        target:
+          averageUtilization: 80
+          type: Utilization
+      type: Resource
+  minReplicas: 2
+  scaleTargetRef:
     apiVersion: apps/v1
     kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    spec:
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    environment: test
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_HEADER
-                          value: foo:bar
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                        - mountPath: /tmp/foo
-                          name: tmpdir
-                          readOnly: true
-                        - mountPath: /tmp/controller
-                          name: controllerdir
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://admin.kong.example
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://admin.kong.example
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /tmp/foo
-                          name: tmpdir
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://admin.kong.example
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://admin.kong.example
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                      volumeMounts:
-                        - mountPath: /tmp/foo
-                          name: tmpdir
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-                    - emptyDir: {}
-                      name: tmpdir
-                    - emptyDir: {}
-                      name: controllerdir
-- object:
-    apiVersion: autoscaling/v2
-    kind: HorizontalPodAutoscaler
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    spec:
-        maxReplicas: 5
-        metrics:
-            - resource:
-                name: cpu
-                target:
-                    averageUtilization: 80
-                    type: Utilization
-              type: Resource
-        minReplicas: 2
-        scaleTargetRef:
-            apiVersion: apps/v1
-            kind: Deployment
-            name: chartsnap-kong
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
-              protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
-              protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
-              protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+    name: chartsnap-kong
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-"""
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
+        namespace: default
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
diff --git a/charts/kong/kong/ci/__snapshots__/test2-values.snap b/charts/kong/kong/ci/__snapshots__/test2-values.snap
index 641245925..245c49d31 100644
--- a/charts/kong/kong/ci/__snapshots__/test2-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test2-values.snap
@@ -1,2138 +1,2201 @@
-[test2-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  password: a29uZw==
+  postgres-password: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+type: Opaque
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  test-env: test
+kind: ConfigMap
+metadata:
+  name: env-config
+---
+apiVersion: v1
+data:
+  wait.sh: |
+    until timeout 2 bash -c "9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}"
+      do echo "waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}"
+      sleep 2
+    done
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-bash-wait-for-postgres
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-default
+  namespace: default
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-default
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong-default
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  name: chartsnap-postgresql-hl
+  namespace: default
+spec:
+  clusterIP: None
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+  publishNotReadyAddresses: true
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: postgresql
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+spec:
+  ports:
+    - name: tcp-postgresql
+      nodePort: null
+      port: 5432
+      targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: postgresql
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+    - name: stream-9000
+      port: 9000
+      protocol: TCP
+      targetPort: 9000
+    - name: stream-9001
+      port: 9001
+      protocol: TCP
+      targetPort: 9001
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-          timeoutSeconds: 5
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        strategy:
-            rollingUpdate:
-                maxSurge: 1
-                maxUnavailable: 0
-            type: RollingUpdate
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                        - name: CONTROLLER_WATCH_NAMESPACE
-                          value: default
-                        - name: TZ
-                          value: Europe/Berlin
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 9000
-                          name: stream-9000
-                          protocol: TCP
-                        - containerPort: 9001
-                          name: stream-9001
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                    - args:
-                        - /bin/bash
-                        - -c
-                        - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-db
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: apps/v1
-    kind: StatefulSet
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+            - name: CONTROLLER_WATCH_NAMESPACE
+              value: default
+            - name: TZ
+              value: Europe/Berlin
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
+              protocol: TCP
+            - containerPort: 10255
+              name: cmetrics
+              protocol: TCP
+            - containerPort: 10254
+              name: cstatus
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
+              protocol: TCP
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 9000
+              name: stream-9000
+              protocol: TCP
+            - containerPort: 9001
+              name: stream-9001
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+        - args:
+            - /bin/bash
+            - -c
+            - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-db
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: postgresql
+  serviceName: chartsnap-postgresql-hl
+  template:
     metadata:
-        annotations: null
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
-        namespace: default
+      annotations: null
+      labels:
+        app.kubernetes.io/component: primary
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: postgresql
+        helm.sh/chart: postgresql-11.9.13
+      name: chartsnap-postgresql
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: primary
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: postgresql
-        serviceName: chartsnap-postgresql-hl
-        template:
-            metadata:
-                annotations: null
-                labels:
+      affinity:
+        nodeAffinity: null
+        podAffinity: null
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
                     app.kubernetes.io/component: primary
                     app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
                     app.kubernetes.io/name: postgresql
-                    helm.sh/chart: postgresql-11.9.13
-                name: chartsnap-postgresql
-            spec:
-                affinity:
-                    nodeAffinity: null
-                    podAffinity: null
-                    podAntiAffinity:
-                        preferredDuringSchedulingIgnoredDuringExecution:
-                            - podAffinityTerm:
-                                labelSelector:
-                                    matchLabels:
-                                        app.kubernetes.io/component: primary
-                                        app.kubernetes.io/instance: chartsnap
-                                        app.kubernetes.io/name: postgresql
-                                namespaces:
-                                    - default
-                                topologyKey: kubernetes.io/hostname
-                              weight: 1
-                containers:
-                    - env:
-                        - name: BITNAMI_DEBUG
-                          value: \"false\"
-                        - name: POSTGRESQL_PORT_NUMBER
-                          value: \"5432\"
-                        - name: POSTGRESQL_VOLUME_DIR
-                          value: /bitnami/postgresql
-                        - name: PGDATA
-                          value: /bitnami/postgresql/data
-                        - name: POSTGRES_USER
-                          value: kong
-                        - name: POSTGRES_POSTGRES_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: postgres-password
-                                name: chartsnap-postgresql
-                        - name: POSTGRES_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: POSTGRES_DB
-                          value: kong
-                        - name: POSTGRESQL_ENABLE_LDAP
-                          value: \"no\"
-                        - name: POSTGRESQL_ENABLE_TLS
-                          value: \"no\"
-                        - name: POSTGRESQL_LOG_HOSTNAME
-                          value: \"false\"
-                        - name: POSTGRESQL_LOG_CONNECTIONS
-                          value: \"false\"
-                        - name: POSTGRESQL_LOG_DISCONNECTIONS
-                          value: \"false\"
-                        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
-                          value: \"off\"
-                        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
-                          value: error
-                        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
-                          value: pgaudit
-                      image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        exec:
-                            command:
-                                - /bin/sh
-                                - -c
-                                - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432
-                        failureThreshold: 6
-                        initialDelaySeconds: 30
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: postgresql
-                      ports:
-                        - containerPort: 5432
-                          name: tcp-postgresql
-                      readinessProbe:
-                        exec:
-                            command:
-                                - /bin/sh
-                                - -c
-                                - -e
-                                - |
-                                  exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432
-                                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-                        failureThreshold: 6
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources:
-                        limits: {}
-                        requests:
-                            cpu: 250m
-                            memory: 256Mi
-                      securityContext:
-                        runAsUser: 1001
-                      volumeMounts:
-                        - mountPath: /dev/shm
-                          name: dshm
-                        - mountPath: /bitnami/postgresql
-                          name: data
-                hostIPC: false
-                hostNetwork: false
-                initContainers: null
-                securityContext:
-                    fsGroup: 1001
-                serviceAccountName: default
-                volumes:
-                    - emptyDir:
-                        medium: Memory
-                      name: dshm
-        updateStrategy:
-            rollingUpdate: {}
-            type: RollingUpdate
-        volumeClaimTemplates:
-            - metadata:
-                name: data
-              spec:
-                accessModes:
-                    - ReadWriteOnce
-                resources:
-                    requests:
-                        storage: 8Gi
-- object:
-    apiVersion: batch/v1
-    kind: Job
+                namespaces:
+                  - default
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+      containers:
+        - env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: POSTGRESQL_PORT_NUMBER
+              value: "5432"
+            - name: POSTGRESQL_VOLUME_DIR
+              value: /bitnami/postgresql
+            - name: PGDATA
+              value: /bitnami/postgresql/data
+            - name: POSTGRES_USER
+              value: kong
+            - name: POSTGRES_POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: postgres-password
+                  name: chartsnap-postgresql
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: POSTGRES_DB
+              value: kong
+            - name: POSTGRESQL_ENABLE_LDAP
+              value: "no"
+            - name: POSTGRESQL_ENABLE_TLS
+              value: "no"
+            - name: POSTGRESQL_LOG_HOSTNAME
+              value: "false"
+            - name: POSTGRESQL_LOG_CONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_LOG_DISCONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+              value: "off"
+            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+              value: error
+            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+              value: pgaudit
+          image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432
+            failureThreshold: 6
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: postgresql
+          ports:
+            - containerPort: 5432
+              name: tcp-postgresql
+          readinessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - -e
+                - |
+                  exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432
+                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+            failureThreshold: 6
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources:
+            limits: {}
+            requests:
+              cpu: 250m
+              memory: 256Mi
+          securityContext:
+            runAsUser: 1001
+          volumeMounts:
+            - mountPath: /dev/shm
+              name: dshm
+            - mountPath: /bitnami/postgresql
+              name: data
+      hostIPC: false
+      hostNetwork: false
+      initContainers: null
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: default
+      volumes:
+        - emptyDir:
+            medium: Memory
+          name: dshm
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 8Gi
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+  labels:
+    app.kubernetes.io/component: init-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-init-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
     metadata:
-        annotations:
-            argocd.argoproj.io/hook: Sync
-            argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
-        labels:
-            app.kubernetes.io/component: init-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-init-migrations
-        namespace: default
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: init-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-init-migrations
     spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: init-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-init-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - bootstrap
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: batch/v1
-    kind: Job
-    metadata:
-        annotations:
-            helm.sh/hook: post-upgrade
-            helm.sh/hook-delete-policy: before-hook-creation
-        labels:
-            app.kubernetes.io/component: post-upgrade-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-post-upgrade-migrations
-        namespace: default
-    spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: post-upgrade-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-post-upgrade-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - finish
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-post-upgrade-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: batch/v1
-    kind: Job
-    metadata:
-        annotations:
-            argocd.argoproj.io/hook: Sync
-            argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
-            helm.sh/hook: pre-upgrade
-            helm.sh/hook-delete-policy: before-hook-creation
-        labels:
-            app.kubernetes.io/component: pre-upgrade-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-pre-upgrade-migrations
-        namespace: default
-    spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: pre-upgrade-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-pre-upgrade-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - up
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-upgrade-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      envFrom:
-                        - configMapRef:
-                            name: env-config
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - bootstrap
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
           resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-default
-        namespace: default
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-default
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong-default
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        wait.sh: |
-            until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\"
-              do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\"
-              sleep 2
-            done
-    kind: ConfigMap
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-bash-wait-for-postgres
-        namespace: default
-- object:
-    apiVersion: v1
-    data:
-        test-env: test
-    kind: ConfigMap
-    metadata:
-        name: env-config
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        password: a29uZw==
-        postgres-password: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
-        namespace: default
-    type: Opaque
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
-              protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
-              protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
-              protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-            - name: stream-9000
-              port: 9000
-              protocol: TCP
-              targetPort: 9000
-            - name: stream-9001
-              port: 9001
-              protocol: TCP
-              targetPort: 9001
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        annotations: null
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+    timeoutSeconds: 5
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: tcp-postgresql
-              nodePort: null
-              port: 5432
-              targetPort: tcp-postgresql
-        selector:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: postgresql
-        sessionAffinity: None
-        type: ClusterIP
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-            service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\"
-        name: chartsnap-postgresql-hl
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/validate
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+    timeoutSeconds: 5
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        clusterIP: None
-        ports:
-            - name: tcp-postgresql
-              port: 5432
-              targetPort: tcp-postgresql
-        publishNotReadyAddresses: true
-        selector:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: postgresql
-        type: ClusterIP
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
+    timeoutSeconds: 5
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    helm.sh/hook: post-upgrade
+    helm.sh/hook-delete-policy: before-hook-creation
+  labels:
+    app.kubernetes.io/component: post-upgrade-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-post-upgrade-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: post-upgrade-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-post-upgrade-migrations
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - finish
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-post-upgrade-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+    helm.sh/hook: pre-upgrade
+    helm.sh/hook-delete-policy: before-hook-creation
+  labels:
+    app.kubernetes.io/component: pre-upgrade-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-pre-upgrade-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
+    metadata:
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: pre-upgrade-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-pre-upgrade-migrations
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - up
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-upgrade-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          envFrom:
+            - configMapRef:
+                name: env-config
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
diff --git a/charts/kong/kong/ci/__snapshots__/test3-values.snap b/charts/kong/kong/ci/__snapshots__/test3-values.snap
index 07233ea33..ae46710b9 100644
--- a/charts/kong/kong/ci/__snapshots__/test3-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test3-values.snap
@@ -1,369 +1,365 @@
-[test3-values]
-SnapShot = """
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  kong.yml: |
+    _format_version: "1.1"
+    services:
+      - name: example.com
+        url: http://example.com
+        routes:
+        - name: example
+          paths:
+          - "/example"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-custom-dbless-config
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                        - mountPath: /opt/tmp
-                          name: tmpdir
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                    - command:
-                        - /bin/sh
-                        - -c
-                        - \"true\"
-                      image: bash:latest
-                      name: bash
-                      resources:
-                        limits:
-                            cpu: 100m
-                            memory: 64Mi
-                        requests:
-                            cpu: 100m
-                            memory: 64Mi
-                      volumeMounts:
-                        - mountPath: /opt/tmp
-                          name: tmpdir
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        name: chartsnap-kong-custom-dbless-config
-                      name: kong-custom-dbless-config-volume
-                    - emptyDir: {}
-                      name: tmpdir
-- object:
-    apiVersion: v1
-    data:
-        kong.yml: |
-            _format_version: \"1.1\"
-            services:
-              - name: example.com
-                url: http://example.com
-                routes:
-                - name: example
-                  paths:
-                  - \"/example\"
-    kind: ConfigMap
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-custom-dbless-config
-        namespace: default
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 8443
+              name: proxy-tls
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 8100
+              name: status
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+            - mountPath: /opt/tmp
+              name: tmpdir
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+        - command:
+            - /bin/sh
+            - -c
+            - "true"
+          image: bash:latest
+          name: bash
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 64Mi
+          volumeMounts:
+            - mountPath: /opt/tmp
+              name: tmpdir
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            name: chartsnap-kong-custom-dbless-config
+          name: kong-custom-dbless-config-volume
+        - emptyDir: {}
+          name: tmpdir
diff --git a/charts/kong/kong/ci/__snapshots__/test4-values.snap b/charts/kong/kong/ci/__snapshots__/test4-values.snap
index 31f738f57..7df3b588f 100644
--- a/charts/kong/kong/ci/__snapshots__/test4-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test4-values.snap
@@ -1,386 +1,382 @@
-[test4-values]
-SnapShot = """
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  kong.yml: |
+    _format_version: "1.1"
+    services:
+      - name: example.com
+        url: http://example.com
+        routes:
+        - name: example
+          paths:
+          - "/example"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-custom-dbless-config
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+    - name: stream-9000
+      port: 9000
+      protocol: TCP
+      targetPort: 9000
+    - name: stream-9001
+      port: 9001
+      protocol: TCP
+      targetPort: 9001
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        template:
-            metadata:
-                annotations:
-                    checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 9000
-                          name: stream-9000
-                          protocol: TCP
-                        - containerPort: 9001
-                          name: stream-9001
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: \"off\"
-                        - name: KONG_DECLARATIVE_CONFIG
-                          value: /kong_dbless/kong.yml
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                        - mountPath: /kong_dbless/
-                          name: kong-custom-dbless-config-volume
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        name: chartsnap-kong-custom-dbless-config
-                      name: kong-custom-dbless-config-volume
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-- object:
-    apiVersion: v1
-    data:
-        kong.yml: |
-            _format_version: \"1.1\"
-            services:
-              - name: example.com
-                url: http://example.com
-                routes:
-                - name: example
-                  paths:
-                  - \"/example\"
-    kind: ConfigMap
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-custom-dbless-config
-        namespace: default
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
+      automountServiceAccountToken: false
+      containers:
+        - env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
               protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
+            - containerPort: 8443
+              name: proxy-tls
               protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
+            - containerPort: 9000
+              name: stream-9000
               protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
+            - containerPort: 9001
+              name: stream-9001
               protocol: TCP
-              targetPort: 8443
-            - name: stream-9000
-              port: 9000
+            - containerPort: 8100
+              name: status
               protocol: TCP
-              targetPort: 9000
-            - name: stream-9001
-              port: 9001
-              protocol: TCP
-              targetPort: 9001
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: /kong_dbless/kong.yml
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+            - mountPath: /kong_dbless/
+              name: kong-custom-dbless-config-volume
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            name: chartsnap-kong-custom-dbless-config
+          name: kong-custom-dbless-config-volume
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
diff --git a/charts/kong/kong/ci/__snapshots__/test5-values.snap b/charts/kong/kong/ci/__snapshots__/test5-values.snap
index 2d3f4ba41..f030e430c 100644
--- a/charts/kong/kong/ci/__snapshots__/test5-values.snap
+++ b/charts/kong/kong/ci/__snapshots__/test5-values.snap
@@ -1,2015 +1,2078 @@
-[test5-values]
-SnapShot = """
-- object:
-    apiVersion: admissionregistration.k8s.io/v1
-    kind: ValidatingWebhookConfiguration
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+---
+apiVersion: v1
+data:
+  password: a29uZw==
+  postgres-password: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+type: Opaque
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-ca-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  tls.crt: '###DYNAMIC_FIELD###'
+  tls.key: '###DYNAMIC_FIELD###'
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook-keypair
+  namespace: default
+type: kubernetes.io/tls
+---
+apiVersion: v1
+data:
+  wait.sh: |
+    until timeout 2 bash -c "9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}"
+      do echo "waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}"
+      sleep 2
+    done
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-bash-wait-for-postgres
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+rules:
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongcustomentities/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongupstreampolicies/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumergroups/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - ingressclassparameterses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongconsumers/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - tcpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - udpingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - konglicenses/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongvaults/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - configuration.konghq.com
+    resources:
+      - kongclusterplugins/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - pods
+      - secrets
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - kong-ingress-controller-leader-kong-kong
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: chartsnap-kong
+subjects:
+  - kind: ServiceAccount
+    name: chartsnap-kong
+    namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  name: chartsnap-postgresql-hl
+  namespace: default
+spec:
+  clusterIP: None
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+  publishNotReadyAddresses: true
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: postgresql
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+spec:
+  ports:
+    - name: tcp-postgresql
+      nodePort: null
+      port: 5432
+      targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: postgresql
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validation-webhook
+  namespace: default
+spec:
+  ports:
+    - name: webhook
+      port: 443
+      protocol: TCP
+      targetPort: webhook
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-manager
+  namespace: default
+spec:
+  ports:
+    - name: kong-manager
+      port: 8002
+      protocol: TCP
+      targetPort: 8002
+    - name: kong-manager-tls
+      port: 8445
+      protocol: TCP
+      targetPort: 8445
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    enable-metrics: "true"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  ports:
+    - name: kong-proxy
+      port: 80
+      protocol: TCP
+      targetPort: 8000
+    - name: kong-proxy-tls
+      port: 443
+      protocol: TCP
+      targetPort: 8443
+  selector:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/name: kong
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: app
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: app
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: kong
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validations
-        namespace: default
-    webhooks:
-        - admissionReviewVersions:
-            - v1beta1
-          clientConfig:
-            caBundle: '###DYNAMIC_FIELD###'
-            service:
-                name: chartsnap-kong-validation-webhook
-                namespace: default
-          failurePolicy: Ignore
-          name: validations.kong.konghq.com
-          objectSelector:
-            matchExpressions:
-                - key: owner
-                  operator: NotIn
-                  values:
-                    - helm
-          rules:
-            - apiGroups:
-                - configuration.konghq.com
-              apiVersions:
-                - '*'
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - kongconsumers
-                - kongplugins
-                - kongclusterplugins
-                - kongingresses
-            - apiGroups:
-                - \"\"
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - secrets
-                - services
-            - apiGroups:
-                - networking.k8s.io
-              apiVersions:
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - ingresses
-            - apiGroups:
-                - gateway.networking.k8s.io
-              apiVersions:
-                - v1alpha2
-                - v1beta1
-                - v1
-              operations:
-                - CREATE
-                - UPDATE
-              resources:
-                - gateways
-                - httproutes
-          sideEffects: None
-- object:
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-        labels:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
+      annotations:
+        kuma.io/gateway: enabled
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        traffic.sidecar.istio.io/includeInboundPorts: ""
+      labels:
+        app: chartsnap-kong
+        app.kubernetes.io/component: app
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+        version: "3.6"
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: app
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: kong
-        strategy:
-            rollingUpdate:
-                maxSurge: 1
-                maxUnavailable: 0
-            type: RollingUpdate
-        template:
-            metadata:
-                annotations:
-                    kuma.io/gateway: enabled
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    traffic.sidecar.istio.io/includeInboundPorts: \"\"
-                labels:
-                    app: chartsnap-kong
-                    app.kubernetes.io/component: app
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                    version: \"3.6\"
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args: null
-                      env:
-                        - name: POD_NAME
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.name
-                        - name: POD_NAMESPACE
-                          valueFrom:
-                            fieldRef:
-                                apiVersion: v1
-                                fieldPath: metadata.namespace
-                        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
-                          value: 0.0.0.0:8080
-                        - name: CONTROLLER_ANONYMOUS_REPORTS
-                          value: \"false\"
-                        - name: CONTROLLER_ELECTION_ID
-                          value: kong-ingress-controller-leader-kong
-                        - name: CONTROLLER_INGRESS_CLASS
-                          value: kong
-                        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
-                          value: \"true\"
-                        - name: CONTROLLER_KONG_ADMIN_URL
-                          value: https://localhost:8444
-                        - name: CONTROLLER_PUBLISH_SERVICE
-                          value: default/chartsnap-kong-proxy
-                      image: kong/kubernetes-ingress-controller:3.1
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /healthz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: ingress-controller
-                      ports:
-                        - containerPort: 8080
-                          name: webhook
-                          protocol: TCP
-                        - containerPort: 10255
-                          name: cmetrics
-                          protocol: TCP
-                        - containerPort: 10254
-                          name: cstatus
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /readyz
-                            port: 10254
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /admission-webhook
-                          name: webhook-cert
-                          readOnly: true
-                        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-                          name: chartsnap-kong-token
-                          readOnly: true
-                    - env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      lifecycle:
-                        preStop:
-                            exec:
-                                command:
-                                    - kong
-                                    - quit
-                                    - --wait=15
-                      livenessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: proxy
-                      ports:
-                        - containerPort: 8000
-                          name: proxy
-                          protocol: TCP
-                        - containerPort: 8443
-                          name: proxy-tls
-                          protocol: TCP
-                        - containerPort: 8100
-                          name: status
-                          protocol: TCP
-                      readinessProbe:
-                        failureThreshold: 3
-                        httpGet:
-                            path: /status/ready
-                            port: status
-                            scheme: HTTP
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - rm
-                        - -vrf
-                        - $KONG_PREFIX/pids
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: clear-stale-pid
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                    - args:
-                        - /bin/bash
-                        - -c
-                        - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-db
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                terminationGracePeriodSeconds: 30
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: apps/v1
-    kind: StatefulSet
+      automountServiceAccountToken: false
+      containers:
+        - args: null
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+              value: 0.0.0.0:8080
+            - name: CONTROLLER_ANONYMOUS_REPORTS
+              value: "false"
+            - name: CONTROLLER_ELECTION_ID
+              value: kong-ingress-controller-leader-kong
+            - name: CONTROLLER_INGRESS_CLASS
+              value: kong
+            - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
+              value: "true"
+            - name: CONTROLLER_KONG_ADMIN_URL
+              value: https://localhost:8444
+            - name: CONTROLLER_PUBLISH_SERVICE
+              value: default/chartsnap-kong-proxy
+          image: kong/kubernetes-ingress-controller:3.2
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: ingress-controller
+          ports:
+            - containerPort: 8080
+              name: webhook
+              protocol: TCP
+            - containerPort: 10255
+              name: cmetrics
+              protocol: TCP
+            - containerPort: 10254
+              name: cstatus
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /readyz
+              port: 10254
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /admission-webhook
+              name: webhook-cert
+              readOnly: true
+            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+              name: chartsnap-kong-token
+              readOnly: true
+        - env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - kong
+                  - quit
+                  - --wait=15
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: proxy
+          ports:
+            - containerPort: 8000
+              name: proxy
+              protocol: TCP
+            - containerPort: 8443
+              name: proxy-tls
+              protocol: TCP
+            - containerPort: 8100
+              name: status
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /status/ready
+              port: status
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - rm
+            - -vrf
+            - $KONG_PREFIX/pids
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: clear-stale-pid
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+        - args:
+            - /bin/bash
+            - -c
+            - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-db
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  annotations: null
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    helm.sh/chart: postgresql-11.9.13
+  name: chartsnap-postgresql
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: chartsnap
+      app.kubernetes.io/name: postgresql
+  serviceName: chartsnap-postgresql-hl
+  template:
     metadata:
-        annotations: null
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
-        namespace: default
+      annotations: null
+      labels:
+        app.kubernetes.io/component: primary
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: postgresql
+        helm.sh/chart: postgresql-11.9.13
+      name: chartsnap-postgresql
     spec:
-        replicas: 1
-        selector:
-            matchLabels:
-                app.kubernetes.io/component: primary
-                app.kubernetes.io/instance: chartsnap
-                app.kubernetes.io/name: postgresql
-        serviceName: chartsnap-postgresql-hl
-        template:
-            metadata:
-                annotations: null
-                labels:
+      affinity:
+        nodeAffinity: null
+        podAffinity: null
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
                     app.kubernetes.io/component: primary
                     app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
                     app.kubernetes.io/name: postgresql
-                    helm.sh/chart: postgresql-11.9.13
-                name: chartsnap-postgresql
-            spec:
-                affinity:
-                    nodeAffinity: null
-                    podAffinity: null
-                    podAntiAffinity:
-                        preferredDuringSchedulingIgnoredDuringExecution:
-                            - podAffinityTerm:
-                                labelSelector:
-                                    matchLabels:
-                                        app.kubernetes.io/component: primary
-                                        app.kubernetes.io/instance: chartsnap
-                                        app.kubernetes.io/name: postgresql
-                                namespaces:
-                                    - default
-                                topologyKey: kubernetes.io/hostname
-                              weight: 1
-                containers:
-                    - env:
-                        - name: BITNAMI_DEBUG
-                          value: \"false\"
-                        - name: POSTGRESQL_PORT_NUMBER
-                          value: \"5432\"
-                        - name: POSTGRESQL_VOLUME_DIR
-                          value: /bitnami/postgresql
-                        - name: PGDATA
-                          value: /bitnami/postgresql/data
-                        - name: POSTGRES_USER
-                          value: kong
-                        - name: POSTGRES_POSTGRES_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: postgres-password
-                                name: chartsnap-postgresql
-                        - name: POSTGRES_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: POSTGRES_DB
-                          value: kong
-                        - name: POSTGRESQL_ENABLE_LDAP
-                          value: \"no\"
-                        - name: POSTGRESQL_ENABLE_TLS
-                          value: \"no\"
-                        - name: POSTGRESQL_LOG_HOSTNAME
-                          value: \"false\"
-                        - name: POSTGRESQL_LOG_CONNECTIONS
-                          value: \"false\"
-                        - name: POSTGRESQL_LOG_DISCONNECTIONS
-                          value: \"false\"
-                        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
-                          value: \"off\"
-                        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
-                          value: error
-                        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
-                          value: pgaudit
-                      image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20
-                      imagePullPolicy: IfNotPresent
-                      livenessProbe:
-                        exec:
-                            command:
-                                - /bin/sh
-                                - -c
-                                - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432
-                        failureThreshold: 6
-                        initialDelaySeconds: 30
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      name: postgresql
-                      ports:
-                        - containerPort: 5432
-                          name: tcp-postgresql
-                      readinessProbe:
-                        exec:
-                            command:
-                                - /bin/sh
-                                - -c
-                                - -e
-                                - |
-                                  exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432
-                                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-                        failureThreshold: 6
-                        initialDelaySeconds: 5
-                        periodSeconds: 10
-                        successThreshold: 1
-                        timeoutSeconds: 5
-                      resources:
-                        limits: {}
-                        requests:
-                            cpu: 250m
-                            memory: 256Mi
-                      securityContext:
-                        runAsUser: 1001
-                      volumeMounts:
-                        - mountPath: /dev/shm
-                          name: dshm
-                        - mountPath: /bitnami/postgresql
-                          name: data
-                hostIPC: false
-                hostNetwork: false
-                initContainers: null
-                securityContext:
-                    fsGroup: 1001
-                serviceAccountName: default
-                volumes:
-                    - emptyDir:
-                        medium: Memory
-                      name: dshm
-        updateStrategy:
-            rollingUpdate: {}
-            type: RollingUpdate
-        volumeClaimTemplates:
-            - metadata:
-                name: data
-              spec:
-                accessModes:
-                    - ReadWriteOnce
-                resources:
-                    requests:
-                        storage: 8Gi
-- object:
-    apiVersion: batch/v1
-    kind: Job
+                namespaces:
+                  - default
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+      containers:
+        - env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: POSTGRESQL_PORT_NUMBER
+              value: "5432"
+            - name: POSTGRESQL_VOLUME_DIR
+              value: /bitnami/postgresql
+            - name: PGDATA
+              value: /bitnami/postgresql/data
+            - name: POSTGRES_USER
+              value: kong
+            - name: POSTGRES_POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: postgres-password
+                  name: chartsnap-postgresql
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: POSTGRES_DB
+              value: kong
+            - name: POSTGRESQL_ENABLE_LDAP
+              value: "no"
+            - name: POSTGRESQL_ENABLE_TLS
+              value: "no"
+            - name: POSTGRESQL_LOG_HOSTNAME
+              value: "false"
+            - name: POSTGRESQL_LOG_CONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_LOG_DISCONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+              value: "off"
+            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+              value: error
+            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+              value: pgaudit
+          image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432
+            failureThreshold: 6
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          name: postgresql
+          ports:
+            - containerPort: 5432
+              name: tcp-postgresql
+          readinessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - -e
+                - |
+                  exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432
+                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+            failureThreshold: 6
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          resources:
+            limits: {}
+            requests:
+              cpu: 250m
+              memory: 256Mi
+          securityContext:
+            runAsUser: 1001
+          volumeMounts:
+            - mountPath: /dev/shm
+              name: dshm
+            - mountPath: /bitnami/postgresql
+              name: data
+      hostIPC: false
+      hostNetwork: false
+      initContainers: null
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: default
+      volumes:
+        - emptyDir:
+            medium: Memory
+          name: dshm
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 8Gi
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+  labels:
+    app.kubernetes.io/component: init-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-init-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
     metadata:
-        annotations:
-            argocd.argoproj.io/hook: Sync
-            argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
-        labels:
-            app.kubernetes.io/component: init-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-init-migrations
-        namespace: default
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: init-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-init-migrations
     spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: init-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-init-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - bootstrap
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: batch/v1
-    kind: Job
-    metadata:
-        annotations:
-            helm.sh/hook: post-upgrade
-            helm.sh/hook-delete-policy: before-hook-creation
-        labels:
-            app.kubernetes.io/component: post-upgrade-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-post-upgrade-migrations
-        namespace: default
-    spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: post-upgrade-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-post-upgrade-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - finish
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-post-upgrade-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: batch/v1
-    kind: Job
-    metadata:
-        annotations:
-            argocd.argoproj.io/hook: Sync
-            argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
-            helm.sh/hook: pre-upgrade
-            helm.sh/hook-delete-policy: before-hook-creation
-        labels:
-            app.kubernetes.io/component: pre-upgrade-migrations
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-pre-upgrade-migrations
-        namespace: default
-    spec:
-        backoffLimit: null
-        template:
-            metadata:
-                annotations:
-                    kuma.io/service-account-token-volume: chartsnap-kong-token
-                    sidecar.istio.io/inject: \"false\"
-                labels:
-                    app.kubernetes.io/component: pre-upgrade-migrations
-                    app.kubernetes.io/instance: chartsnap
-                    app.kubernetes.io/managed-by: Helm
-                    app.kubernetes.io/name: kong
-                    app.kubernetes.io/version: \"3.6\"
-                    helm.sh/chart: kong-2.38.0
-                name: kong-pre-upgrade-migrations
-            spec:
-                automountServiceAccountToken: false
-                containers:
-                    - args:
-                        - kong
-                        - migrations
-                        - up
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: kong-upgrade-migrations
-                      resources: {}
-                      securityContext:
-                        allowPrivilegeEscalation: false
-                        capabilities:
-                            drop:
-                                - ALL
-                        readOnlyRootFilesystem: true
-                        runAsNonRoot: true
-                        runAsUser: 1000
-                        seccompProfile:
-                            type: RuntimeDefault
-                      volumeMounts:
-                        - mountPath: /kong_prefix/
-                          name: chartsnap-kong-prefix-dir
-                        - mountPath: /tmp
-                          name: chartsnap-kong-tmp
-                initContainers:
-                    - command:
-                        - bash
-                        - /wait_postgres/wait.sh
-                      env:
-                        - name: CLIENT_ID
-                          value: exampleId
-                        - name: KONG_ADMIN_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_API_URI
-                          value: http://
-                        - name: KONG_ADMIN_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_GUI_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_ADMIN_GUI_API_URL
-                          value: http://
-                        - name: KONG_ADMIN_GUI_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ADMIN_LISTEN
-                          value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
-                        - name: KONG_ANONYMOUS_REPORTS
-                          value: \"off\"
-                        - name: KONG_CLUSTER_LISTEN
-                          value: \"off\"
-                        - name: KONG_DATABASE
-                          value: postgres
-                        - name: KONG_KIC
-                          value: \"on\"
-                        - name: KONG_LUA_PACKAGE_PATH
-                          value: /opt/?.lua;/opt/?/init.lua;;
-                        - name: KONG_NGINX_WORKER_PROCESSES
-                          value: \"2\"
-                        - name: KONG_PG_HOST
-                          value: chartsnap-postgresql
-                        - name: KONG_PG_PASSWORD
-                          valueFrom:
-                            secretKeyRef:
-                                key: password
-                                name: chartsnap-postgresql
-                        - name: KONG_PG_PORT
-                          value: \"5432\"
-                        - name: KONG_PORTAL_API_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PORTAL_API_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PORT_MAPS
-                          value: 80:8000, 443:8443
-                        - name: KONG_PREFIX
-                          value: /kong_prefix/
-                        - name: KONG_PROXY_ACCESS_LOG
-                          value: /dev/stdout
-                        - name: KONG_PROXY_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_PROXY_LISTEN
-                          value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
-                        - name: KONG_PROXY_STREAM_ACCESS_LOG
-                          value: /dev/stdout basic
-                        - name: KONG_PROXY_STREAM_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_ROUTER_FLAVOR
-                          value: traditional
-                        - name: KONG_STATUS_ACCESS_LOG
-                          value: \"off\"
-                        - name: KONG_STATUS_ERROR_LOG
-                          value: /dev/stderr
-                        - name: KONG_STATUS_LISTEN
-                          value: 0.0.0.0:8100, [::]:8100
-                        - name: KONG_STREAM_LISTEN
-                          value: \"off\"
-                        - name: KONG_NGINX_DAEMON
-                          value: \"off\"
-                      image: kong:3.6
-                      imagePullPolicy: IfNotPresent
-                      name: wait-for-postgres
-                      resources: {}
-                      volumeMounts:
-                        - mountPath: /wait_postgres
-                          name: chartsnap-kong-bash-wait-for-postgres
-                restartPolicy: OnFailure
-                securityContext: {}
-                serviceAccountName: chartsnap-kong
-                volumes:
-                    - emptyDir:
-                        sizeLimit: 256Mi
-                      name: chartsnap-kong-prefix-dir
-                    - emptyDir:
-                        sizeLimit: 1Gi
-                      name: chartsnap-kong-tmp
-                    - name: chartsnap-kong-token
-                      projected:
-                        sources:
-                            - serviceAccountToken:
-                                expirationSeconds: 3607
-                                path: token
-                            - configMap:
-                                items:
-                                    - key: ca.crt
-                                      path: ca.crt
-                                name: kube-root-ca.crt
-                            - downwardAPI:
-                                items:
-                                    - fieldRef:
-                                        apiVersion: v1
-                                        fieldPath: metadata.namespace
-                                      path: namespace
-                    - configMap:
-                        defaultMode: 493
-                        name: chartsnap-kong-bash-wait-for-postgres
-                      name: chartsnap-kong-bash-wait-for-postgres
-                    - name: webhook-cert
-                      secret:
-                        secretName: chartsnap-kong-validation-webhook-keypair
-- object:
-    apiVersion: networking.k8s.io/v1
-    kind: Ingress
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        rules:
-            - host: proxy.kong.example
-              http:
-                paths:
-                    - backend:
-                        service:
-                            name: chartsnap-kong-proxy
-                            port:
-                                number: 443
-                      path: /
-                      pathType: ImplementationSpecific
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRole
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    rules:
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongupstreampolicies/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumergroups/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - nodes
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - pods
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - secrets
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - ingressclassparameterses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongconsumers/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - tcpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - udpingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - extensions
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingresses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - discovery.k8s.io
-          resources:
-            - endpointslices
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - konglicenses/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongvaults/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins
-          verbs:
-            - get
-            - list
-            - watch
-        - apiGroups:
-            - configuration.konghq.com
-          resources:
-            - kongclusterplugins/status
-          verbs:
-            - get
-            - patch
-            - update
-        - apiGroups:
-            - apiextensions.k8s.io
-          resources:
-            - customresourcedefinitions
-          verbs:
-            - list
-            - watch
-        - apiGroups:
-            - networking.k8s.io
-          resources:
-            - ingressclasses
-          verbs:
-            - get
-            - list
-            - watch
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: ClusterRoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: ClusterRole
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: Role
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    rules:
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-            - pods
-            - secrets
-            - namespaces
-          verbs:
-            - get
-        - apiGroups:
-            - \"\"
-          resourceNames:
-            - kong-ingress-controller-leader-kong-kong
-          resources:
-            - configmaps
-          verbs:
-            - get
-            - update
-        - apiGroups:
-            - \"\"
-          resources:
-            - configmaps
-          verbs:
-            - create
-        - apiGroups:
-            - \"\"
-            - coordination.k8s.io
-          resources:
-            - configmaps
-            - leases
-          verbs:
-            - get
-            - list
-            - watch
-            - create
-            - update
-            - patch
-            - delete
-        - apiGroups:
-            - \"\"
-          resources:
-            - events
-          verbs:
-            - create
-            - patch
-        - apiGroups:
-            - \"\"
-          resources:
-            - services
-          verbs:
-            - get
-- object:
-    apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-    roleRef:
-        apiGroup: rbac.authorization.k8s.io
-        kind: Role
-        name: chartsnap-kong
-    subjects:
-        - kind: ServiceAccount
-          name: chartsnap-kong
-          namespace: default
-- object:
-    apiVersion: v1
-    data:
-        wait.sh: |
-            until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\"
-              do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\"
-              sleep 2
-            done
-    kind: ConfigMap
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-bash-wait-for-postgres
-        namespace: default
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-ca-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        tls.crt: '###DYNAMIC_FIELD###'
-        tls.key: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-validation-webhook-keypair
-        namespace: default
-    type: kubernetes.io/tls
-- object:
-    apiVersion: v1
-    data:
-        password: a29uZw==
-        postgres-password: '###DYNAMIC_FIELD###'
-    kind: Secret
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
-        namespace: default
-    type: Opaque
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-manager
-        namespace: default
-    spec:
-        ports:
-            - name: kong-manager
-              port: 8002
-              protocol: TCP
-              targetPort: 8002
-            - name: kong-manager-tls
-              port: 8445
-              protocol: TCP
-              targetPort: 8445
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: NodePort
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            enable-metrics: \"true\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong-proxy
-        namespace: default
-    spec:
-        ports:
-            - name: kong-proxy
-              port: 80
-              protocol: TCP
-              targetPort: 8000
-            - name: kong-proxy-tls
-              port: 443
-              protocol: TCP
-              targetPort: 8443
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: kong
-        type: LoadBalancer
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - bootstrap
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-proxy
+  namespace: default
+spec:
+  rules:
+    - host: proxy.kong.example
+      http:
+        paths:
+          - backend:
+              service:
+                name: chartsnap-kong-proxy
+                port:
+                  number: 443
+            path: /
+            pathType: ImplementationSpecific
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-validations
+  namespace: default
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
         name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: webhook
-              port: 443
-              protocol: TCP
-              targetPort: webhook
-        selector:
-            app.kubernetes.io/component: app
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        annotations: null
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-        name: chartsnap-postgresql
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.credentials.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: konghq.com/credential
+          operator: Exists
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        ports:
-            - name: tcp-postgresql
-              nodePort: null
-              port: 5432
-              targetPort: tcp-postgresql
-        selector:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: postgresql
-        sessionAffinity: None
-        type: ClusterIP
-- object:
-    apiVersion: v1
-    kind: Service
-    metadata:
-        labels:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: postgresql
-            helm.sh/chart: postgresql-11.9.13
-            service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\"
-        name: chartsnap-postgresql-hl
+    failurePolicy: Ignore
+    matchPolicy: Equivalent
+    name: secrets.plugins.validation.ingress-controller.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - secrets
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: '###DYNAMIC_FIELD###'
+      service:
+        name: chartsnap-kong-validation-webhook
         namespace: default
-    spec:
-        clusterIP: None
-        ports:
-            - name: tcp-postgresql
-              port: 5432
-              targetPort: tcp-postgresql
-        publishNotReadyAddresses: true
-        selector:
-            app.kubernetes.io/component: primary
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/name: postgresql
-        type: ClusterIP
-- object:
-    apiVersion: v1
-    kind: ServiceAccount
+    failurePolicy: Ignore
+    name: validations.kong.konghq.com
+    objectSelector:
+      matchExpressions:
+        - key: owner
+          operator: NotIn
+          values:
+            - helm
+    rules:
+      - apiGroups:
+          - configuration.konghq.com
+        apiVersions:
+          - '*'
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - kongconsumers
+          - kongplugins
+          - kongclusterplugins
+          - kongingresses
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - services
+      - apiGroups:
+          - networking.k8s.io
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - ingresses
+      - apiGroups:
+          - gateway.networking.k8s.io
+        apiVersions:
+          - v1alpha2
+          - v1beta1
+          - v1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - gateways
+          - httproutes
+    sideEffects: None
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    helm.sh/hook: post-upgrade
+    helm.sh/hook-delete-policy: before-hook-creation
+  labels:
+    app.kubernetes.io/component: post-upgrade-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-post-upgrade-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
     metadata:
-        labels:
-            app.kubernetes.io/instance: chartsnap
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: kong
-            app.kubernetes.io/version: \"3.6\"
-            helm.sh/chart: kong-2.38.0
-        name: chartsnap-kong
-        namespace: default
-"""
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: post-upgrade-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-post-upgrade-migrations
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - finish
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-post-upgrade-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+    helm.sh/hook: pre-upgrade
+    helm.sh/hook-delete-policy: before-hook-creation
+  labels:
+    app.kubernetes.io/component: pre-upgrade-migrations
+    app.kubernetes.io/instance: chartsnap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: kong
+    app.kubernetes.io/version: "3.6"
+    helm.sh/chart: kong-2.39.0
+  name: chartsnap-kong-pre-upgrade-migrations
+  namespace: default
+spec:
+  backoffLimit: null
+  template:
+    metadata:
+      annotations:
+        kuma.io/service-account-token-volume: chartsnap-kong-token
+        sidecar.istio.io/inject: "false"
+      labels:
+        app.kubernetes.io/component: pre-upgrade-migrations
+        app.kubernetes.io/instance: chartsnap
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: kong
+        app.kubernetes.io/version: "3.6"
+        helm.sh/chart: kong-2.39.0
+      name: kong-pre-upgrade-migrations
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - kong
+            - migrations
+            - up
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: kong-upgrade-migrations
+          resources: {}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /kong_prefix/
+              name: chartsnap-kong-prefix-dir
+            - mountPath: /tmp
+              name: chartsnap-kong-tmp
+      initContainers:
+        - command:
+            - bash
+            - /wait_postgres/wait.sh
+          env:
+            - name: CLIENT_ID
+              value: exampleId
+            - name: KONG_ADMIN_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_API_URI
+              value: http://
+            - name: KONG_ADMIN_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_GUI_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_ADMIN_GUI_API_URL
+              value: http://
+            - name: KONG_ADMIN_GUI_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ADMIN_LISTEN
+              value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl
+            - name: KONG_ANONYMOUS_REPORTS
+              value: "off"
+            - name: KONG_CLUSTER_LISTEN
+              value: "off"
+            - name: KONG_DATABASE
+              value: postgres
+            - name: KONG_KIC
+              value: "on"
+            - name: KONG_LUA_PACKAGE_PATH
+              value: /opt/?.lua;/opt/?/init.lua;;
+            - name: KONG_NGINX_WORKER_PROCESSES
+              value: "2"
+            - name: KONG_PG_HOST
+              value: chartsnap-postgresql
+            - name: KONG_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: chartsnap-postgresql
+            - name: KONG_PG_PORT
+              value: "5432"
+            - name: KONG_PORTAL_API_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PORTAL_API_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PORT_MAPS
+              value: 80:8000, 443:8443
+            - name: KONG_PREFIX
+              value: /kong_prefix/
+            - name: KONG_PROXY_ACCESS_LOG
+              value: /dev/stdout
+            - name: KONG_PROXY_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_PROXY_LISTEN
+              value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl
+            - name: KONG_PROXY_STREAM_ACCESS_LOG
+              value: /dev/stdout basic
+            - name: KONG_PROXY_STREAM_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_ROUTER_FLAVOR
+              value: traditional
+            - name: KONG_STATUS_ACCESS_LOG
+              value: "off"
+            - name: KONG_STATUS_ERROR_LOG
+              value: /dev/stderr
+            - name: KONG_STATUS_LISTEN
+              value: 0.0.0.0:8100, [::]:8100
+            - name: KONG_STREAM_LISTEN
+              value: "off"
+            - name: KONG_NGINX_DAEMON
+              value: "off"
+          image: kong:3.6
+          imagePullPolicy: IfNotPresent
+          name: wait-for-postgres
+          resources: {}
+          volumeMounts:
+            - mountPath: /wait_postgres
+              name: chartsnap-kong-bash-wait-for-postgres
+      restartPolicy: OnFailure
+      securityContext: {}
+      serviceAccountName: chartsnap-kong
+      volumes:
+        - emptyDir:
+            sizeLimit: 256Mi
+          name: chartsnap-kong-prefix-dir
+        - emptyDir:
+            sizeLimit: 1Gi
+          name: chartsnap-kong-tmp
+        - name: chartsnap-kong-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  expirationSeconds: 3607
+                  path: token
+              - configMap:
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                  name: kube-root-ca.crt
+              - downwardAPI:
+                  items:
+                    - fieldRef:
+                        apiVersion: v1
+                        fieldPath: metadata.namespace
+                      path: namespace
+        - configMap:
+            defaultMode: 493
+            name: chartsnap-kong-bash-wait-for-postgres
+          name: chartsnap-kong-bash-wait-for-postgres
+        - name: webhook-cert
+          secret:
+            secretName: chartsnap-kong-validation-webhook-keypair
diff --git a/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml b/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml
new file mode 100644
index 000000000..c3206b8d2
--- /dev/null
+++ b/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml
@@ -0,0 +1,19 @@
+env:
+  anonymous_reports: "off"
+
+ingressController:
+  env:
+    anonymous_reports: "false"
+  image:
+    repository: kong/nightly-ingress-controller
+    tag: "2024-06-09"
+    # Unreleased yet so use the nightly and the effective semver
+    effectiveSemver: "3.2"
+
+readinessProbe:
+  httpGet:
+    path: "/status"
+    port: status
+    scheme: HTTP
+  initialDelaySeconds: 1
+  periodSeconds: 1
diff --git a/charts/kong/kong/ci/test2-values.yaml b/charts/kong/kong/ci/test2-values.yaml
index ba77b5cb7..ddcc6fd9f 100644
--- a/charts/kong/kong/ci/test2-values.yaml
+++ b/charts/kong/kong/ci/test2-values.yaml
@@ -9,6 +9,7 @@ ingressController:
   admissionWebhook:
     enabled: true
     timeoutSeconds: 5
+    filterSecrets: true
   env:
     anonymous_reports: "false"
   envFrom:
diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl
index 2dab58695..c3528b486 100644
--- a/charts/kong/kong/templates/_helpers.tpl
+++ b/charts/kong/kong/templates/_helpers.tpl
@@ -210,6 +210,7 @@ spec:
   ports:
   {{- if .http }}
   {{- if .http.enabled }}
+  {{- if ne ( .http.servicePort | toString ) "0" }}
   - name: kong-{{ .serviceName }}
     port: {{ .http.servicePort }}
     targetPort: {{ .http.containerPort }}
@@ -222,6 +223,7 @@ spec:
     protocol: TCP
   {{- end }}
   {{- end }}
+  {{- end }}
   {{- if .tls.enabled }}
   - name: kong-{{ .serviceName }}-tls
     port: {{ .tls.servicePort }}
@@ -329,8 +331,10 @@ Parameters: takes a service (e.g. .Values.proxy) as its argument and returns KON
   {{- $portMaps := list -}}
 
   {{- if .http.enabled -}}
+  {{- if ne (.http.servicePort | toString ) "0" -}}
         {{- $portMaps = append $portMaps (printf "%d:%d" (int64 .http.servicePort) (int64 .http.containerPort)) -}}
   {{- end -}}
+  {{- end -}}
 
   {{- if .tls.enabled -}}
         {{- $portMaps = append $portMaps (printf "%d:%d" (int64 .tls.servicePort) (int64 .tls.containerPort)) -}}
@@ -1115,8 +1119,10 @@ the template that it itself is using form the above sections.
       {{- $_ := set $autoEnv "KONG_ADMIN_GUI_AUTH_CONF" $guiAuthConf -}}
     {{- end }}
 
-    {{- $guiSessionConf := include "secretkeyref" (dict "name" .Values.enterprise.rbac.session_conf_secret "key" "admin_gui_session_conf") -}}
-    {{- $_ := set $autoEnv "KONG_ADMIN_GUI_SESSION_CONF" $guiSessionConf -}}
+    {{- if .Values.enterprise.rbac.session_conf_secret }}
+      {{- $guiSessionConf := include "secretkeyref" (dict "name" .Values.enterprise.rbac.session_conf_secret "key" "admin_gui_session_conf") -}}
+      {{- $_ := set $autoEnv "KONG_ADMIN_GUI_SESSION_CONF" $guiSessionConf -}}
+    {{- end }}
   {{- end }}
 
   {{- if .Values.enterprise.smtp.enabled }}
@@ -1284,6 +1290,24 @@ role sets used in the charts. Updating these requires separating out cluster
 resource roles into their separate templates.
 */}}
 {{- define "kong.kubernetesRBACRules" -}}
+{{- if (semverCompare ">= 3.2.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongcustomentities
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongcustomentities/status
+  verbs:
+  - get
+  - patch
+  - update
+{{- end }}
 {{- if and (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image))
            (contains (print .Values.ingressController.env.feature_gates) "KongServiceFacade=true") }}
 - apiGroups:
diff --git a/charts/kong/kong/templates/admission-webhook.yaml b/charts/kong/kong/templates/admission-webhook.yaml
index 979f1c0ab..1f121eff0 100644
--- a/charts/kong/kong/templates/admission-webhook.yaml
+++ b/charts/kong/kong/templates/admission-webhook.yaml
@@ -41,6 +41,91 @@ metadata:
   {{- end }}
   {{- end }}
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    {{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
+    caBundle: {{ b64enc $caCert }}
+    {{- else }}
+    {{- if .Values.ingressController.admissionWebhook.certificate.caBundle }}
+    caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }}
+    {{- end }}
+    {{- end }}
+    service:
+      name: {{ template "kong.service.validationWebhook" . }}
+      namespace: {{ template "kong.namespace" . }}
+  failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
+  matchPolicy: Equivalent
+  name: secrets.credentials.validation.ingress-controller.konghq.com
+  {{- with .Values.ingressController.admissionWebhook.namespaceSelector }}
+  namespaceSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.ingressController.admissionWebhook.timeoutSeconds }}
+  timeoutSeconds: {{ . }}
+  {{- end }}
+  objectSelector:
+    matchExpressions:
+    - key: "konghq.com/credential"
+      operator: "Exists"
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - secrets
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    {{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
+    caBundle: {{ b64enc $caCert }}
+    {{- else }}
+    {{- if .Values.ingressController.admissionWebhook.certificate.caBundle }}
+    caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }}
+    {{- end }}
+    {{- end }}
+    service:
+      name: {{ template "kong.service.validationWebhook" . }}
+      namespace: {{ template "kong.namespace" . }}
+  failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
+  matchPolicy: Equivalent
+  name: secrets.plugins.validation.ingress-controller.konghq.com
+  {{- with .Values.ingressController.admissionWebhook.namespaceSelector }}
+  namespaceSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.ingressController.admissionWebhook.timeoutSeconds }}
+  timeoutSeconds: {{ . }}
+  {{- end }}
+  {{- if .Values.ingressController.admissionWebhook.filterSecrets }}
+  objectSelector:
+    matchExpressions:
+    - key: "konghq.com/validate"
+      operator: "Exists"
+  {{- else }}
+  objectSelector:
+    matchExpressions:
+    - key: owner
+      operator: NotIn
+      values:
+      - helm
+  {{- end }}
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - secrets
+  sideEffects: None
 - name: validations.kong.konghq.com
   {{- with .Values.ingressController.admissionWebhook.namespaceSelector }}
   namespaceSelector:
@@ -75,18 +160,15 @@ webhooks:
 {{- if (semverCompare ">= 2.8.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
     - kongingresses
 {{- end }}
+{{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
   - apiGroups:
     - ''
     apiVersions:
     - 'v1'
     operations:
-{{- if (semverCompare ">= 2.12.1" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
     - CREATE
-{{- end }}
     - UPDATE
     resources:
-    - secrets
-{{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
     - services
 {{- end }}
 {{- if (semverCompare ">= 2.12.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml
index cb1bb6493..3e3cc507e 100644
--- a/charts/kong/kong/values.yaml
+++ b/charts/kong/kong/values.yaml
@@ -297,6 +297,9 @@ proxy:
   http:
     # Enable plaintext HTTP listen for the proxy
     enabled: true
+    # Set the servicePort: 0 to skip exposing in the service but still
+    # let the port open in container to allow https to http mapping for
+    # tls terminated at LB.
     servicePort: 80
     containerPort: 8000
     # Set a nodePort which is available if service type is NodePort
@@ -529,7 +532,7 @@ ingressController:
   enabled: true
   image:
     repository: kong/kubernetes-ingress-controller
-    tag: "3.1"
+    tag: "3.2"
     # Optionally set a semantic version for version-gated features. This can normally
     # be left unset. You only need to set this if your tag is not a semver string,
     # such as when you are using a "next" tag. Set this to the effective semantic
@@ -579,6 +582,7 @@ ingressController:
 
   admissionWebhook:
     enabled: true
+    filterSecrets: false
     failurePolicy: Ignore
     port: 8080
     certificate:
@@ -1028,7 +1032,9 @@ enterprise:
     # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
     # The key value must be a secret configuration, following the example at
     # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions
-    session_conf_secret: kong-session-config
+    # If using 3.6+ and OIDC, session configuration is instead handled in the auth configuration,
+    # and this field can be left empty.
+    session_conf_secret: ""  # CHANGEME
     # If admin_gui_auth is not set to basic-auth, provide a secret name which
     # has an admin_gui_auth_conf key containing the plugin config JSON
     admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret
diff --git a/index.yaml b/index.yaml
index 536385cff..8e04a7e7b 100644
--- a/index.yaml
+++ b/index.yaml
@@ -12894,6 +12894,63 @@ entries:
     - assets/intel/intel-device-plugins-sgx-0.26.1.tgz
     version: 0.26.1
   jenkins:
+  - annotations:
+      artifacthub.io/category: integration-delivery
+      artifacthub.io/changes: |
+        - Update `jenkins/jenkins` to version `2.452.2-jdk17`
+      artifacthub.io/images: |
+        - name: jenkins
+          image: docker.io/jenkins/jenkins:2.452.2-jdk17
+        - name: k8s-sidecar
+          image: docker.io/kiwigrid/k8s-sidecar:1.27.4
+        - name: inbound-agent
+          image: jenkins/inbound-agent:3248.v65ecb_254c298-1
+      artifacthub.io/license: Apache-2.0
+      artifacthub.io/links: |
+        - name: Chart Source
+          url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins
+        - name: Jenkins
+          url: https://www.jenkins.io/
+        - name: support
+          url: https://github.com/jenkinsci/helm-charts/issues
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: Jenkins
+      catalog.cattle.io/kube-version: '>=1.14-0'
+      catalog.cattle.io/release-name: jenkins
+    apiVersion: v2
+    appVersion: 2.452.2
+    created: "2024-06-13T00:55:41.447429009Z"
+    description: 'Jenkins - Build great things at any scale! As the leading open source
+      automation server, Jenkins provides over 1800 plugins to support building, deploying
+      and automating any project. '
+    digest: 07ea04b20c75e1e6eb78cdd2a33adb7175f5fb845951fc91e4a5a19f28790150
+    home: https://www.jenkins.io/
+    icon: https://get.jenkins.io/art/jenkins-logo/logo.svg
+    keywords:
+    - jenkins
+    - ci
+    - devops
+    maintainers:
+    - email: maor.friedman@redhat.com
+      name: maorfr
+    - email: mail@torstenwalter.de
+      name: torstenwalter
+    - email: garridomota@gmail.com
+      name: mogaal
+    - email: wmcdona89@gmail.com
+      name: wmcdona89
+    - email: timjacomb1@gmail.com
+      name: timja
+    name: jenkins
+    sources:
+    - https://github.com/jenkinsci/jenkins
+    - https://github.com/jenkinsci/docker-inbound-agent
+    - https://github.com/maorfr/kube-tasks
+    - https://github.com/jenkinsci/configuration-as-code-plugin
+    type: application
+    urls:
+    - assets/jenkins/jenkins-5.2.1.tgz
+    version: 5.2.1
   - annotations:
       artifacthub.io/category: integration-delivery
       artifacthub.io/changes: |
@@ -16780,6 +16837,31 @@ entries:
     - assets/clastix/kamaji-console-0.0.3.tgz
     version: 0.0.3
   kong:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: Kong Gateway
+      catalog.cattle.io/release-name: kong
+    apiVersion: v2
+    appVersion: "3.6"
+    created: "2024-06-13T00:55:42.391314087Z"
+    dependencies:
+    - condition: postgresql.enabled
+      name: postgresql
+      repository: file://./charts/postgresql
+      version: 11.9.13
+    description: The Cloud-Native Ingress and API-management
+    digest: 2227de5b83bafbecfa969cd6e52d48a6151722c8c6ca2cb3622a6706cb89b4d4
+    home: https://konghq.com/
+    icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png
+    maintainers:
+    - email: team-k8s@konghq.com
+      name: team-k8s-bot
+    name: kong
+    sources:
+    - https://github.com/Kong/charts/tree/main/charts/kong
+    urls:
+    - assets/kong/kong-2.39.0.tgz
+    version: 2.39.0
   - annotations:
       catalog.cattle.io/certified: partner
       catalog.cattle.io/display-name: Kong Gateway